AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle scripts
- bin/credstore.js only handles help/version and user-invoked Electron launch
- electron/main.js loads local out/index.html in production and denies new external windows
- Electron webPreferences disable nodeIntegration and enable contextIsolation/webSecurity
- out/_next/static/chunks/app/page-83bc23a92d0680f1.js stores encrypted credential data in localStorage using Web Crypto
- No runtime fetch/XMLHttpRequest/sendBeacon or exfiltration endpoint found in reviewed sources
Behavioral surface
SourceChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chainHighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 798 KB of source, external domains: github.com, nextjs.org, radix-ui.com, react.dev, reactjs.org, www.w3.org