registry  /  flare-chat-ui  /  1.1.1

flare-chat-ui@1.1.1

Chat GUI 能力包。

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The only network primitive is a user-click image download for a rendered URL; package behavior is UI rendering and host callbacks.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User clicks a rendered image download control.
Impact
Downloads user-visible rendered content; no credential or local-file access is established.
Mechanism
Fetches the displayed image URL into a browser download.
Rationale
Direct inspection shows a bundled React chat UI with no install-time execution or concrete malicious chain. The scanner's Unicode finding is attributable to bundled rendering/parser data and markdown handling, not concealed executable behavior.
Evidence
package.jsondist/index.jsdist/index-IhZ10FMM.jsREADME.mddist/highlighted-body-OFNGDK62-DLVlqymP.jsdist/mermaid-GHXKKRXX-DoI1IwCE.js

Decision evidence

public snapshot
AI called this Clean at 97.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/index-IhZ10FMM.js contains bidi controls, but inside bundled parser/entity data.
  • dist/index-IhZ10FMM.js fetches an image URL only from a rendered image download click.
Evidence against
  • package.json has no preinstall, install, postinstall, or prepare hook.
  • dist/index.js is a React UI export bundle with host-provided callbacks for send, upload, and actions.
  • No child-process, filesystem, eval, credential harvesting, or persistence APIs were found.
  • Dynamic imports load only local rendering chunks and flare-canvas-ui.
  • No hard-coded external network endpoint or exfiltration path was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsTelemetryUrlStrings
Manifest
NoLicense
scanned 4 file(s), 1.60 MB of source, external domains: example.com, github.com, nodejs.org, reactjs.org, tailwindcss.com, v3.tailwindcss.com, www.ibm.com, www.w3.org

Source & flagged code

2 flagged · loading source
dist/index-IhZ10FMM.jsView file
2333contains invisible/control Unicode U+202A (left-to-right embedding) /* @__PURE__ */ 'ᵁ<Õıʊҝջאٵ۞ޢߖࠏ੊ઑඡ๭༉༦჊ረዡᐕᒝᓃᓟᔥ\0\0\0\0\0\0ᕫᛍᦍᰒᷝ὾<U+2060>↰⊍⏀⏻⑂⠤⤒ⴈ⹈⿎〖㊺㘹㞬㣾㨨㩱㫠㬮ࠀEMabcfglmnoprstu\\bfms„‹•˜¦³¹ÈÏlig耻Æ䃆P耻&䀦cute耻Á䃁reve;䄂Āiyx}rc耻Â䃂;䐐r;쀀𝔄rave耻À䃀pha;䎑acr;䄀d;橓Āgp¡on;䄄f;쀀𝔸plyFunction;恡ing耻Å䃅Ācs¾Ãr;쀀𝒜ign;扔ilde耻Ã䃃ml耻
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/index-IhZ10FMM.jsView on unpkg · L2333
Trigger-reachable chain: manifest.main -> dist/index.js -> dist/index-IhZ10FMM.js Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/index-IhZ10FMM.jsView on unpkg

Findings

2 Critical3 Medium5 Low
CriticalTrojan Source Unicodedist/index-IhZ10FMM.js
CriticalTrigger Reachable Dangerous Capabilitydist/index-IhZ10FMM.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License