AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime networking is limited to package-aligned browser asset/media functionality, and no install-time execution exists.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Rendering components that load remote icons, media, maps, or animation content.
Impact
No credential theft, persistence, foreign control-surface mutation, or destructive action established.
Mechanism
Browser UI rendering and package-aligned asset fetching.
Rationale
Source inspection supports a browser React component package with no lifecycle hooks or host-side attack primitives. Scanner hits resolve to normal Wix asset loading, bundled Lottie expression support, and intentional bidi string data rather than a concrete malicious chain.
Evidence
package.jsondist/site/components/TextInput/component.jsdist/site/components/Lottie/component.jsdist/site/components/chunks/Tooltip.jsREADME.md
Network endpoints3
static.parastorage.com/services/wix-ui-icons-common/dist/icons/static.wixstatic.com/maps.googleapis.com/maps/api/js
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall, install, postinstall, bin, or Node entrypoint.
- Published files are browser-oriented Wix React component bundles under dist/site.
- TextInput fetches versioned icon JSON only from Wix static.parastorage.com during icon rendering.
- Lottie eval is the bundled animation-expression engine, gated by runExpressions; no exfiltration or persistence chain found.
- Tooltip.js bidi controls are explicit Unicode isolate characters used as string data, not hidden source syntax.
- No child-process, filesystem-write, credential-harvesting, agent-control, or destructive APIs found in dist.
Behavioral surface
ChildProcessEnvironmentVarsEvalNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/site/components/Lottie/component.jsView file
13712var scoped_bm_rt;
L13713: var expression_function = eval("[function _expression_function(){" + val + ";scoped_bm_rt=$bm_rt}]")[0];
L13714: var numKeys = property.kf ? data.k.length : 0;
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/site/components/Lottie/component.jsView on unpkg · L13712dist/site/components/chunks/Tooltip.jsView file
7191contains invisible/control Unicode U+2066 (left-to-right isolate)
text: "<U+2066>",
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/site/components/chunks/Tooltip.jsView on unpkg · L7191dist/site/components/chunks/constants3.jsView file
61patternName = generic_password
severity = medium
line = 61
matchedText = password...rd",
Medium
Secret Pattern
Hardcoded password in dist/site/components/chunks/constants3.js
dist/site/components/chunks/constants3.jsView on unpkg · L61Findings
1 Critical4 Medium4 Low
CriticalTrojan Source Unicodedist/site/components/chunks/Tooltip.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/site/components/chunks/constants3.js
LowScripts Present
LowEvaldist/site/components/Lottie/component.js
LowHigh Entropy Strings
LowUrl Strings