registry  /  @whfzgyx/ojo-canvas-sdk  /  0.1.1

@whfzgyx/ojo-canvas-sdk@0.1.1

`@touchine/ojo-canvas-sdk` is the browser-facing OJO project canvas SDK.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by source inspection. The package is a bundled browser canvas runtime plus host iframe mount API; risky-looking strings are aligned with UI/runtime behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports mountOjoCanvas or serves dist/runtime/index.html in a browser.
Impact
Loads canvas UI assets and exchanges project/runtime messages with configured host endpoints; no install-time or local system compromise observed.
Mechanism
Browser iframe canvas SDK with host-provided bridge and asset loading.
Rationale
Static inspection found a large bundled browser SDK with network/AI-agent-related UI and bridge code, but no install-time execution, credential harvesting, persistence, filesystem mutation, or unconsented agent control-surface writes. The scope/name mismatch is a provenance concern but not concrete malicious behavior in the package source.
Evidence
package.jsonREADME.mddist/host/index.jsdist/host/protocol.d.tsdist/runtime/manifest.jsondist/runtime/index.htmldist/runtime/assets/src-Bek_MNDM.jsdist/runtime/assets/contribution-lwcJu7qd.jsdist/runtime/assets/preview-mode-utils-Db96ulEr.jsdist/runtime/assets/ja-CO70Pb1Z.js
Network endpoints6
irise-web-canvas-public-assets.rogerhorsleymorris.workers.dev/irise-resources-staging-us-east-1-972778198637.s3.us-east-1.amazonaws.comgenerativelanguage.googleapis.comaiplatform.googleapis.com/fonts.googleapis.comfonts.gstatic.com

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Package identity mismatch: package.json is @whfzgyx/ojo-canvas-sdk while README and runtime constants refer to @touchine/ojo-canvas-sdk.
Evidence against
  • package.json has no preinstall/install/postinstall scripts or bin entries.
  • dist/host/index.js only creates an iframe, posts host config, validates message origin, and exposes unmount/update.
  • README describes a browser OJO canvas SDK with host-provided runtime, workspace, resource, and bridge endpoints.
  • dist/runtime/manifest.json lists static CDN assets under irise-web-canvas-public-assets.rogerhorsleymorris.workers.dev.
  • Network and storage usage found is browser runtime behavior for canvas assets, localization, project restore, and host bridge flows.
  • No child_process, filesystem writes, npm token harvesting, agent config mutation, or install-time execution found.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 20 file(s), 3.39 MB of source, external domains: fb.me, figma.com, github.com, irise-resources-staging-us-east-1-972778198637.s3.us-east-1.amazonaws.com, ojo.dev, prosemirror.net, radix-ui.com, react.dev, reactrouter.com, www.w3.org
Oversized source lightweight scan
dist/runtime/assets/contribution-lwcJu7qd.js3.70 MB file, sampled 256 KB
ChildProcessMinifiedUrlStringswww.w3.org

Source & flagged code

4 flagged · loading source
dist/runtime/assets/preview-mode-utils-Db96ulEr.jsView file
31patternName = google_api_key severity = high line = 31 matchedText = caused b...it(`
High
High Secret

Package contains a high-severity secret pattern.

dist/runtime/assets/preview-mode-utils-Db96ulEr.jsView on unpkg · L31
31patternName = google_api_key severity = high line = 31 matchedText = caused b...it(`
High
Secret Pattern

Google API key in dist/runtime/assets/preview-mode-utils-Db96ulEr.js

dist/runtime/assets/preview-mode-utils-Db96ulEr.jsView on unpkg · L31
dist/runtime/assets/ja-CO70Pb1Z.jsView file
3contains invisible/control Unicode U+200B (zero width space) これでターミナルに戻ることができます。`,authorizedCode:`認証されたデバイスコード`,authorizeAnother:`別のデバイスを認証する`,returnHome:`家に帰る`},confirm:{eyebrow:`CLI デバイスの認証`,title:`Ojo CLIを認可する`,description:`Ojo CLI へのアクセスを確認します。`,browserCode:`ブラウザ確認コード`,deviceCode:`デバイスコード`,approv
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/runtime/assets/ja-CO70Pb1Z.jsView on unpkg · L3
dist/runtime/assets/contribution-lwcJu7qd.jsView file
path = [redacted]-lwcJu7qd.js kind = oversized_source_file sizeBytes = 3875075 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/runtime/assets/contribution-lwcJu7qd.jsView on unpkg

Findings

1 Critical3 High3 Medium5 Low
CriticalTrojan Source Unicodedist/runtime/assets/ja-CO70Pb1Z.js
HighHigh Secretdist/runtime/assets/preview-mode-utils-Db96ulEr.js
HighOversized Source Filedist/runtime/assets/contribution-lwcJu7qd.js
HighSecret Patterndist/runtime/assets/preview-mode-utils-Db96ulEr.js
MediumDynamic Require
MediumNetwork
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License