registry  /  @whfzgyx/ojo-canvas-sdk  /  0.1.4

@whfzgyx/ojo-canvas-sdk@0.1.4

`@touchine/ojo-canvas-sdk` is the browser-facing OJO project canvas SDK.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious install or import-time attack surface is established. The main residual risk is package identity mismatch with a bundled browser canvas runtime.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports mountOjoCanvas or serves dist/runtime in a browser.
Impact
Runtime may call host-configured project/bridge endpoints and public asset CDN during normal canvas use; no source evidence of unconsented system mutation or exfiltration.
Mechanism
Browser iframe canvas SDK with host-supplied endpoints and static bundled runtime assets.
Rationale
Static inspection found a repackaged-looking browser SDK with identity mismatch, but no lifecycle hook, install-time mutation, credential collection, filesystem access, or concrete exfiltration path. The risky primitives are consistent with a canvas runtime that uses host-provided APIs and public assets.
Evidence
package.jsonREADME.mddist/host/index.jsdist/runtime/manifest.jsondist/runtime/index.htmldist/runtime/assets/contribution-2_nEDXgm.jsdist/runtime/assets/preview-mode-utils-CMIiGQEw.jsdist/runtime/assets/ja-CO70Pb1Z.js
Network endpoints1
irise-web-canvas-public-assets.rogerhorsleymorris.workers.dev/

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json name differs from README/import examples, which identify @touchine/ojo-canvas-sdk.
  • Bundled browser runtime contains Codex/workspace bridge UI and HTTP/WebSocket bridge strings, but they are runtime features described in README.
  • Large minified dist/runtime/assets/contribution-2_nEDXgm.js includes broad app code, making provenance harder to verify.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; only build/test/prepack scripts.
  • dist/host/index.js only mounts an iframe, validates options, and postMessages host config to the runtime origin.
  • No confirmed child_process, fs writes, persistence, credential harvesting, or install-time AI-agent control mutation found.
  • Network use is browser/runtime-aligned: host-provided project APIs and public canvas asset CDN in README/manifest.
  • Scanner secret/Trojan-source hits appear to be bundled Firebase/base64/i18n/minified UI content, not active exfiltration.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 20 file(s), 3.39 MB of source, external domains: fb.me, figma.com, github.com, irise-resources-staging-us-east-1-972778198637.s3.us-east-1.amazonaws.com, irise-web-canvas-public-assets.rogerhorsleymorris.workers.dev, ojo.dev, prosemirror.net, radix-ui.com, react.dev, reactrouter.com, www.w3.org
Oversized source lightweight scan
dist/runtime/assets/contribution-2_nEDXgm.js3.70 MB file, sampled 256 KB
ChildProcessHighEntropyStringsMinifiedUrlStringsirise-web-canvas-public-assets.rogerhorsleymorris.workers.devwww.w3.org

Source & flagged code

4 flagged · loading source
dist/runtime/assets/preview-mode-utils-CMIiGQEw.jsView file
31patternName = google_api_key severity = high line = 31 matchedText = caused b...it(`
High
High Secret

Package contains a high-severity secret pattern.

dist/runtime/assets/preview-mode-utils-CMIiGQEw.jsView on unpkg · L31
31patternName = google_api_key severity = high line = 31 matchedText = caused b...it(`
High
Secret Pattern

Google API key in dist/runtime/assets/preview-mode-utils-CMIiGQEw.js

dist/runtime/assets/preview-mode-utils-CMIiGQEw.jsView on unpkg · L31
dist/runtime/assets/ja-CO70Pb1Z.jsView file
3contains invisible/control Unicode U+200B (zero width space) これでターミナルに戻ることができます。`,authorizedCode:`認証されたデバイスコード`,authorizeAnother:`別のデバイスを認証する`,returnHome:`家に帰る`},confirm:{eyebrow:`CLI デバイスの認証`,title:`Ojo CLIを認可する`,description:`Ojo CLI へのアクセスを確認します。`,browserCode:`ブラウザ確認コード`,deviceCode:`デバイスコード`,approv
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/runtime/assets/ja-CO70Pb1Z.jsView on unpkg · L3
dist/runtime/assets/contribution-2_nEDXgm.jsView file
path = [redacted]-2_nEDXgm.js kind = oversized_source_file sizeBytes = 3880836 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/runtime/assets/contribution-2_nEDXgm.jsView on unpkg

Findings

1 Critical3 High3 Medium6 Low
CriticalTrojan Source Unicodedist/runtime/assets/ja-CO70Pb1Z.js
HighHigh Secretdist/runtime/assets/preview-mode-utils-CMIiGQEw.js
HighOversized Source Filedist/runtime/assets/contribution-2_nEDXgm.js
HighSecret Patterndist/runtime/assets/preview-mode-utils-CMIiGQEw.js
MediumDynamic Require
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License