AI Security Review
scanned 21h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network use is limited to user-rendered UI media, icons, and video metadata; no install-time execution or host-control mutation exists.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Rendering relevant Wix editor components
Impact
No confirmed unauthorized execution, persistence, credential collection, or exfiltration
Mechanism
Browser UI asset and video metadata loading
Rationale
Static inspection finds a bundled Wix React component package with no lifecycle execution or concrete malicious chain. Scanner hits are attributable to normal browser component behavior and bundled Lottie/date-time code.
Evidence
package.jsondist/site/components/Lottie/component.jsdist/site/components/chunks/Tooltip.jsdist/site/components/TextInput/component.jsdist/site/components/SocialPlayerVimeo/component.jsdist/site/components/chunks/Video.jsREADME.md
Network endpoints3
static.parastorage.comstatic.wixstatic.comvimeo.com/api/oembed.json
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks or bin entrypoint.
- Published files are UI assets under dist/site; no native binaries found.
- No child_process, shell, filesystem harvesting, or credential-exfiltration primitives found.
- Lottie eval is bundled expression support, not install-time code or remote payload loading.
- Tooltip bidi characters are intentional date/time directionality literals.
- Observed fetches load Wix icon/media assets or Vimeo metadata during component use.
Behavioral surface
ChildProcessEnvironmentVarsEvalNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/site/components/Lottie/component.jsView file
13712var scoped_bm_rt;
L13713: var expression_function = eval("[function _expression_function(){" + val + ";scoped_bm_rt=$bm_rt}]")[0];
L13714: var numKeys = property.kf ? data.k.length : 0;
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/site/components/Lottie/component.jsView on unpkg · L13712dist/site/components/chunks/Tooltip.jsView file
7191contains invisible/control Unicode U+2066 (left-to-right isolate)
text: "<U+2066>",
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/site/components/chunks/Tooltip.jsView on unpkg · L7191dist/site/components/chunks/constants3.jsView file
61patternName = generic_password
severity = medium
line = 61
matchedText = password...rd",
Medium
Secret Pattern
Hardcoded password in dist/site/components/chunks/constants3.js
dist/site/components/chunks/constants3.jsView on unpkg · L61Findings
1 Critical4 Medium4 Low
CriticalTrojan Source Unicodedist/site/components/chunks/Tooltip.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/site/components/chunks/constants3.js
LowScripts Present
LowEvaldist/site/components/Lottie/component.js
LowHigh Entropy Strings
LowUrl Strings