AI Security Review
scanned 2h ago · by lpm-firewall-aiRuntime invocation launches a detached child process that downloads and executes server-controlled JavaScript. The payload receives CommonJS `require`, enabling arbitrary local actions available to the host process.
Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Calling the package's exported `vCheck` function.
Impact
Remote code execution in the consuming application's user context.
Mechanism
Detached remote payload fetch followed by dynamic code execution.
Attack narrative
A consumer calling `vCheck` causes `index.js` to spawn a detached Node process running `lib/vcall.js`. That module retrieves a field from a fixed remote API endpoint and compiles it with `Function.constructor`, passing `require` into the remote code. The endpoint can therefore supply arbitrary Node.js code for execution without a package update.
Rationale
The package contains a concrete remote-code-execution chain, not merely network or process primitives. Absence of an install hook limits the trigger but does not mitigate runtime execution of server-controlled code.
Evidence
package.jsonindex.jslib/vcall.js
Network endpoints1
api.jsonsilo.com/public/94b14d9d-6286-4b13-a7fe-8442e55a31b4
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` spawns detached Node process when exported function is invoked.
- `lib/vcall.js` fetches remote `data.model` from `api.jsonsilo.com`.
- `lib/vcall.js` executes fetched source with `Function.constructor` and `require` access.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Remote execution requires an application to invoke the exported function.
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading source.envView file
2patternName = blocked_file
severity = critical
matchedText = .env
redactedSecretContext =
secretLikeLines = 1
L2: DEV_DEPENDENCY_TOKEN=<redacted:4 value>
Critical
index.jsView file
•matchType = malicious_source_fingerprint_signature
signature = edfaf93641481f1b
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = notify-utilities@1.3.5
matchedPath = index.js
matchedIdentity = npm:bm90aWZ5LXV0aWxpdGllcw:1.3.5
similarity = 1.000
shingleOverlap = 12
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkgdocs/transports.mdView file
550patternName = generic_password
severity = medium
line = 550
matchedText = password...rd',
Medium
Findings
1 Critical1 High3 Medium3 Low
CriticalCritical Secret.env
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings