AI Security Review
scanned 3h ago · by lpm-firewall-aiThe default export downloads a server-controlled JSON payload and executes its `credits` field as JavaScript. The payload gets Node capabilities through supplied `require` and `process` objects.
Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
Calling the default-exported `getPlugin()` function at runtime.
Impact
Arbitrary code execution in the consuming application's Node process, including access available through `require` and `process`.
Mechanism
Remote payload fetch followed by Function-constructor execution.
Attack narrative
A consumer invoking the package's default export causes `index.js` to request a fixed remote endpoint. It parses the JSON response and compiles `data.credits` with `new Function`, then runs it while exposing Node's `require`, `process`, globals, paths, buffers, and timers. The remote server can therefore change the executed payload without a package update, yielding arbitrary runtime code execution.
Rationale
This is a concrete remote-code-execution loader, not a benign font-fetching implementation. Lack of install hooks reduces automatic activation but does not remove the malicious runtime attack surface.
Evidence
index.jspackage.json
Network endpoints1
svganchordev.net/icons/107
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` fetches `https://svganchordev.net/icons/107` when its exported function is invoked.
- `index.js` passes remote JSON field `data.credits` directly to `new Function(...)`.
- The evaluated remote code receives `require`, `process`, filesystem-relevant paths, globals, and timers.
- No lifecycle hook is present, but ordinary runtime use activates the remote-code path.
Evidence against
- `package.json` has no preinstall, install, or postinstall script.
- Source inspection found no local file write, credential harvesting, or agent-config mutation in the package itself.
Behavioral surface
EvalNetwork
Source & flagged code
2 flagged · loading sourceindex.jsView file
149// Note: The code uses async/await, so we need to handle that
L150: const evalFn = new Function(
L151: 'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High
•matchType = malicious_source_fingerprint_signature
signature = c06bd55d669269cb
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = router-processor@1.5.2
matchedPath = index.js
matchedIdentity = npm:cm91dGVyLXByb2Nlc3Nvcg:1.5.2
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkgFindings
2 High1 Medium1 Low
HighEvalindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
LowScripts Present