AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are package-aligned shell, filesystem, environment, and request APIs activated by consumer code.
Static reason
One or more suspicious static signals were detected.
Trigger
User imports dax and explicitly calls shell, path, env, or request APIs.
Impact
No automatic install-time/import-time execution, exfiltration, persistence, or AI-agent control-surface mutation found.
Mechanism
User-invoked scripting utility library primitives
Rationale
dax@0.48.5 is a scripting library whose network, env, filesystem, and child_process references implement documented user-invoked functionality. Static inspection found no lifecycle hook, top-level payload execution, credential exfiltration, persistence, or unconsented agent-control mutation.
Evidence
package.jsonREADME.mdscript/mod.jsesm/mod.js
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
- script/mod.js bundles shell, filesystem, env, and fetch capabilities that are powerful if invoked by a consumer.
Evidence against
- package.json has no preinstall/install/postinstall/prepare lifecycle hooks.
- package.json entrypoints are ./script/mod.js and ./esm/mod.js only; no bin or install runner.
- script/mod.js child_process usage is inside exported shell command execution paths, not top-level import execution.
- script/mod.js makeRequest calls fetch only after a user supplies a URL through the request builder.
- README.md describes dax as a cross-platform shell/request/prompt library and shows explicit user-invoked APIs.
- Search found no agent control-surface files, persistence hooks, credential harvesting, or hardcoded exfiltration endpoint.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourceesm/mod.jsView file
3443patternName = aws_access_key
severity = critical
line = 3443
matchedText = var byte...=");
Critical
3443patternName = aws_access_key
severity = critical
line = 3443
matchedText = var byte...=");
Critical
script/mod.jsView file
4043patternName = aws_access_key
severity = critical
line = 4043
matchedText = var byte...=");
Critical
Findings
3 Critical2 Medium4 Low
CriticalCritical Secretesm/mod.js
CriticalSecret Patternesm/mod.js
CriticalSecret Patternscript/mod.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings