AI Security Review
scanned 3d ago · by lpm-firewall-ai

No install-time npm compromise was found. The real unresolved risk is browser runtime remote code execution on the leaderboard page via fetched GitHub JavaScript evaluated with eval().
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User opens leaderboard.html in a browser
Impact
A changed upstream scores.js could execute arbitrary browser JavaScript in visitors' sessions under the site origin.
Mechanism
remote JavaScript fetch followed by eval
Attack narrative
When leaderboard.html is viewed, assets/js/leaderboard.js downloads scores.js from raw.githubusercontent.com and immediately evals the returned text. The packaged code does not itself harvest credentials, persist, or run during npm install, but the mutable remote script can become arbitrary browser code without a package update.
Rationale
Static inspection confirms a concrete remote-eval runtime risk, but not a packaged malicious payload, install hook, credential exfiltration, or destructive behavior. Treat as warn/suspicious rather than publish-block malicious.
Evidence
- package.json
- leaderboard.html
- assets/js/leaderboard.js
- assets/js/app_functions.js
- assets/js/main.js
- assets/js/cdn-base.js
- assets/js/ab-blank.js
- assets/js/links.js
Network endpoints (3)
- raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js
- hqlgppguxhqeaonjzinv.supabase.co
- cdn.jsdelivr.net/npm/@supabase/supabase-js@2
Decision evidence
Public snapshot: AI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
- assets/js/leaderboard.js fetches remote scores.js from raw.githubusercontent.com and passes response text to eval()
- leaderboard.html loads assets/js/leaderboard.js at page runtime
- assets/js/app_functions.js embeds a Supabase anon key and queries https://hqlgppguxhqeaonjzinv.supabase.co for app data
Evidence against
- package.json has no lifecycle scripts, bin, dependencies, or install-time execution
- No Node child_process, filesystem access, native binaries, or shell execution found
- Supabase key is anon client-side configuration, not a service-role secret
- Remote network use is for a static games site: app listings, leaderboard, fonts, and assets
Behavioral surface
- Eval
- Network
- HighEntropyStrings
- UrlStrings
Source & flagged code
4 flagged

assets/js/app_functions.js

patternName = supabase_service_key
severity = critical
line = 3
matchedText = "eyJhbGc...w8";
Critical
Critical Secret
Package contains a critical-looking secret pattern.
assets/js/app_functions.js · L3

patternName = supabase_service_key
severity = critical
line = 3
matchedText = "eyJhbGc...w8";
Critical
Secret Pattern
Supabase service role key (JWT) in assets/js/app_functions.js
assets/js/app_functions.js · L3

assets/js/leaderboard.js

L36: async function getScores() {
L37: let response = await fetch(
L38: "https://raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js",
L39: );
L40: return await response.text(); // is promise for whatever reason
L41: }
...
L45: let js_code = await getScores();
L46: eval(js_code); // never use eval
L47: } catch (e) {
Critical
Remote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
assets/js/leaderboard.js · L36

L45: let js_code = await getScores();
L46: eval(js_code); // never use eval
L47: } catch (e) {
High
Findings
3 Critical · 1 High · 2 Medium · 2 Low
- Critical · Critical Secret · assets/js/app_functions.js
- Critical · Remote Asset Decode Execute · assets/js/leaderboard.js
- Critical · Secret Pattern · assets/js/app_functions.js
- High · Eval · assets/js/leaderboard.js
- Medium · Network
- Medium · Structural Risk Force Deep Review
- Low · High Entropy Strings
- Low · Url Strings