AI Security Review
scanned 3h ago · by lpm-firewall-ai
No confirmed malicious attack surface. Runtime behavior is a database backup/restore library that connects to user-supplied DB hosts and reads/writes backup files when called.
Static reason
One or more suspicious static signals were detected.
Trigger
User imports package and calls exported function with configData
Impact
Can create/delete local files under ./backupfiles and alter/drop user-specified databases during restore modes, consistent with the package's purpose
Mechanism
user-invoked database backup/restore and zip extraction/creation
Rationale
Static source inspection shows package-aligned backup and restore behavior activated only by user invocation, with no lifecycle execution, exfiltration endpoint, remote code execution, persistence, or agent-surface mutation. Destructive database/file operations are tied to explicit restore/clean/full-backup modes and user-provided paths/configuration.
Evidence
- package.json
- index.js
- createbackup.js
- upload.js
- filefunctions.js
- functions.js
- links.js
- getmetadata.js
- getrows.js
- ./backupfiles
- ./backupfiles/backup
- ./backupfiles/backup/database/raw.json
- ./backupfiles/backup/database/dbtaskerdata.json
- user-supplied output zip path
- user-supplied input zip path
Network endpoints (1)
- user-supplied database host:port
Decision evidence
public snapshot: AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install lifecycle scripts and main is index.js
- index.js only exports an async user-invoked backup/restore function
- Database credentials are used to connect to MySQL/Postgres, not harvested from env or files
- No child_process, eval, fetch/http client, persistence, or AI-agent control-surface writes found
- File writes/deletes are package-aligned backupfiles/output zip and user restore workflow
- Dependencies named fs, path and stream are declared, but the source resolves those names to the Node built-ins, and no install hook is declared that could act on the registry packages of those names
Behavioral surface
- Filesystem
- High Entropy Strings
Source & flagged code
1 flagged · package.json
- Runtime dependency names matching Node built-ins: fs, path, stream
High · Node Builtin Dependency Squat
Package declares a runtime dependency whose name matches a Node built-in module (here fs, path and stream). Node always loads a core module in preference to anything in node_modules, so require('fs') in this package's code never reaches the registry package of that name; the registry packages are still fetched on install, together with any install scripts they declare, so the entries should be removed rather than tolerated.
Findings
1 High · 3 Low
- High: Node Builtin Dependency Squat (package.json)
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings