AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Network and file operations are package-aligned open-data retrieval/cache helpers that require caller invocation.
Static reason
One or more suspicious static signals were detected.
Trigger
user imports and explicitly calls loader/parser/git helper APIs
Impact
Caller-requested reads/writes/network/git operations in caller-provided paths/repos
Mechanism
French Assembly data parsing, loading, retrieval, and optional git helper commands
Rationale
Direct source inspection shows suspicious primitives are either build metadata or explicit package-aligned utilities for French Assembly open data. There is no install/import-time execution, credential collection, or unconsented exfiltration path.
Evidence
package.jsonlib/index.jslib/loaders.jslib/loaders-IUehTy2k.jslib/parsers.jslib/git.js
Network endpoints3
data.assemblee-nationale.frwww.assemblee-nationale.frwww2.assemblee-nationale.fr
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json has prepare script, but it only runs local build/prettier and no install hook is shipped in lib.
- lib/git.js exposes git execFileSync helpers using process.env, including reset/push, but only as explicit exported utilities.
Evidence against
- package.json exports only lib entrypoints; no bin, preinstall, install, or postinstall scripts.
- lib/index.js is schema/data helper exports with no import-time network or process execution.
- lib/loaders-IUehTy2k.js contains Assembly open-data URLs and local dataset reads/path creation aligned with package purpose.
- lib/parsers.js fetches assemblee-nationale.fr amendment pages only inside exported async iterators and writes cache files under caller-provided directory.
- lib/parsers.js scanner secret hit is bundled parser/entity text, not credential material.
- No credential harvesting, persistence, destructive install-time behavior, or unexplained exfiltration found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
CopyleftLicense
Source & flagged code
1 flagged · loading sourcelib/parsers.jsView file
2408patternName = generic_password
severity = medium
line = 2408
matchedText = password...d]",
Medium
Findings
3 Medium6 Low
MediumSecret Patternlib/parsers.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License