AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a browser toolbar bundle that loads the Velt SDK, stores product state in web storage, and talks to Superflow/Velt/Firebase services.
Static reason
One or more suspicious static signals were detected.
Trigger
Browser page imports/loads superflow.js and provides an API key via URL, window variable, or element attribute.
Impact
Expected collaboration/review toolbar behavior; no install-time or host filesystem impact found.
Mechanism
Browser custom element toolbar with product network calls and user-permission screenshot attachment.
Rationale
The suspicious signals are explained by a bundled browser collaboration toolbar using public Firebase config, product APIs, web storage, and user-invoked screenshot capture. I found no install-time execution, filesystem access, credential harvesting, persistence, destructive behavior, or unconsented AI-agent control mutation.
Evidence
package.jsonsuperflow.jssuperflow.min.js
Network endpoints8
cdn.jsdelivr.net/npm/@veltdev/sdk@us-central1-snipply-sdk-staging.cloudfunctions.net/getprivatenpmpackagefileapi.velt.dev/saapi.velt.dev/v2/sf/tbapp.usesuperflow.com/firebasestorage.googleapis.comus-central1-snippyly-sdk-prod.cloudfunctions.net/getqrcodewww.google.com/recaptcha/api.js
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- superflow.js dynamically injects Velt SDK from cdn.jsdelivr.net or snipply staging Cloud Function during browser runtime.
- superflow.js includes Firebase public config and calls Cloud Functions for analytics/auth/project state.
- superflow.js can capture screenshots via browser screen-sharing APIs and attach them to comments, gated by user permission/UI.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle scripts and main is a browser bundle.
- Entrypoint defines custom elements superflow-toolbar/snippyly-plugin and initializes only in a DOM/browser context.
- Network hosts are Superflow/Velt/Firebase/Google asset and API endpoints aligned with a collaboration toolbar.
- No child_process, fs writes, destructive actions, credential-file harvesting, or AI-agent control-surface writes found.
- process.env/document.cookie hits are bundled Firebase defaults handling, not package credential exfiltration.
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcesuperflow.jsView file
1545patternName = google_api_key
severity = high
line = 1545
matchedText = calc(${t...d=r`
High
1545patternName = google_api_key
severity = high
line = 1545
matchedText = calc(${t...d=r`
High
superflow.min.jsView file
1545patternName = google_api_key
severity = high
line = 1545
matchedText = calc(${t...d=a`
High
Findings
3 High2 Medium3 Low
HighHigh Secretsuperflow.js
HighSecret Patternsuperflow.js
HighSecret Patternsuperflow.min.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings