AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a reusable UI component bundle with browser-side fetches for host app workflows and a server-side theme loader that reads caller-specified YAML scheme files.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing exported UI modules or rendering Astro/React components in a host app.
Impact
No credential harvesting, exfiltration, persistence, or destructive behavior confirmed.
Mechanism
Package-aligned UI initialization and host-relative API calls.
Rationale
Static inspection shows scanner hits are package-aligned browser UI/network behavior and vendored CodeMirror code, with no install-time payload or source evidence of malicious behavior. The missing prepare target is packaging noise rather than a working lifecycle attack in the extracted package.
Evidence
package.jsondist/index.jsdist/react.jsdist/lib/app/markdown-field.jsdist/astro/forms/MarkdownField.astrodist/astro/forms/markdown-field.tsdist/theme/index.jsdist/lib/feedback/dialog.tsdist/lib/feedback/dom-capture.tsdist/lib/app/deployment-action-status.jsdist/lib/app/platform-operation-status.jsdist/react/charts/MonitoringChart.js
Network endpoints9
/api/markdown/preview/api/monitoring/snapshot/api/project-activity/events/api/feedback/submit/v1/platform/operations/{id}/v1/platform/operations/{id}/events/v1/jobs/{id}challenges.cloudflare.com/turnstile/v0/api.js?render=explicitplacehold.co/1200x630
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json has prepare script pointing to ./scripts/prepare.ts, but scripts/ is absent from published files.
Evidence against
- package contains only package.json, README, LICENSE, and dist/; no install/postinstall hooks or binaries found.
- dist/index.js only re-exports UI/theme/chart/form helpers and imports dist/lib/app/markdown-field.js as a browser UI module.
- dist/lib/app/markdown-field.js initializes CodeMirror and fetches /api/markdown/preview only when markdown UI is used.
- Trojan-source scan for bidi/invisible control bytes in dist/lib/app/markdown-field.js found no matches.
- Network use is browser UI behavior against host-provided relative endpoints or documented Cloudflare Turnstile script, not hardcoded exfiltration.
- No child_process, shell execution, native addon, credential-file reads, persistence, or AI-agent control-surface writes found.
Behavioral surface
ChildProcessEnvironmentVarsNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/lib/app/markdown-field.jsView file
9148contains invisible/control Unicode U+200B (zero width space)
--<U+200B><U+200E><U+200F>\u2028\u2029<U+202D><U+202E><U+2066><U+2067><U+2069>\uFEFF-]`, Eo), Og = {
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/lib/app/markdown-field.jsView on unpkg · L9148•Trigger-reachable chain: manifest.exports -> dist/lib/app/markdown-field.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/lib/app/markdown-field.jsView on unpkgFindings
2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/lib/app/markdown-field.js
CriticalTrigger Reachable Dangerous Capabilitydist/lib/app/markdown-field.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings