AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a markdown-only offline knowledge corpus, and suspicious strings are documentation examples rather than executable behavior.
Decision evidence
public snapshot- security/04-antipatterns/security-coding-antipatterns.md contains example AWS-looking keys in a documented 'bad' hardcoded-secret antipattern code block.
- Many markdown files contain URLs, tokens, fetch/import examples, and security strings as educational content.
- package.json has no scripts, no main/bin/module/browser entrypoints, and files is limited to **/*.md.
- Package contents are markdown knowledge documents; no non-md executable/source files found besides package.json.
- README.md describes an offline engineering knowledge corpus consumed by the main umadev launcher.
- No install-time or import-time execution path, child_process use, native/binary loading, persistence, or project file writes found.
- No credential harvesting or exfiltration logic found; scanner secret hit is a clearly labeled example placeholder ending EXAMPLE/EXAMPLEKEY.
Source & flagged code
28 flagged · loading sourcePackage contains a critical-looking secret pattern.
security/04-antipatterns/security-coding-antipatterns.mdView on unpkg · L33AWS access key ID in security/04-antipatterns/security-coding-antipatterns.md
security/04-antipatterns/security-coding-antipatterns.mdView on unpkg · L33Hardcoded password in devops/01-standards/terraform-complete.md
devops/01-standards/terraform-complete.mdView on unpkg · L2020Hardcoded password in devops/01-standards/terraform-complete.md
devops/01-standards/terraform-complete.mdView on unpkg · L2023Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md
cloud-native/04-antipatterns/k8s-antipatterns.mdView on unpkg · L443Hardcoded password in cloud-native/04-antipatterns/k8s-antipatterns.md
cloud-native/04-antipatterns/k8s-antipatterns.mdView on unpkg · L456Hardcoded password in cloud-native/01-standards/kubernetes-complete.md
cloud-native/01-standards/kubernetes-complete.mdView on unpkg · L457Hardcoded password in cloud-native/01-standards/container-security.md
cloud-native/01-standards/container-security.mdView on unpkg · L355Hardcoded password in cloud-native/02-playbooks/gitops-with-argocd.md
cloud-native/02-playbooks/gitops-with-argocd.mdView on unpkg · L606Hardcoded password in cloud-native/02-playbooks/terraform-iac-playbook.md
cloud-native/02-playbooks/terraform-iac-playbook.mdView on unpkg · L107Hardcoded password in frontend/01-standards/react-hooks-complete.md
frontend/01-standards/react-hooks-complete.mdView on unpkg · L799Hardcoded password in security/secrets-management.md
security/secrets-management.mdView on unpkg · L58Hardcoded password in security/secrets-management.md
security/secrets-management.mdView on unpkg · L331AWS access key ID in development/04-antipatterns/security-antipatterns.md
development/04-antipatterns/security-antipatterns.mdView on unpkg · L28Hardcoded password in development/01-standards/oauth2-complete.md
development/01-standards/oauth2-complete.mdView on unpkg · L254Hardcoded password in development/01-standards/postgresql-complete.md
development/01-standards/postgresql-complete.mdView on unpkg · L378Hardcoded password in backend/04-antipatterns/backend-antipatterns.md
backend/04-antipatterns/backend-antipatterns.mdView on unpkg · L949Hardcoded password in backend/01-standards/nestjs-complete.md
backend/01-standards/nestjs-complete.mdView on unpkg · L1624Hardcoded password in backend/01-standards/django-complete.md
backend/01-standards/django-complete.mdView on unpkg · L1155Hardcoded password in backend/01-standards/django-complete.md
backend/01-standards/django-complete.mdView on unpkg · L1184Hardcoded password in testing/02-playbooks/e2e-testing-playbook.md
testing/02-playbooks/e2e-testing-playbook.mdView on unpkg · L601Hardcoded password in data-engineering/01-standards/airflow-complete.md
data-engineering/01-standards/airflow-complete.mdView on unpkg · L477Hardcoded password in experts/qa-lead/test-strategy.md
experts/qa-lead/test-strategy.mdView on unpkg · L68Hardcoded password in data/01-standards/redis-complete.md
data/01-standards/redis-complete.mdView on unpkg · L552Hardcoded password in data/01-standards/redis-complete.md
data/01-standards/redis-complete.mdView on unpkg · L556Hardcoded password in data/01-standards/redis-complete.md
data/01-standards/redis-complete.mdView on unpkg · L595Hardcoded password in data/01-standards/postgresql-complete.md
data/01-standards/postgresql-complete.mdView on unpkg · L764Hardcoded password in data/01-standards/postgresql-complete.md
data/01-standards/postgresql-complete.mdView on unpkg · L767