AI Security Review
scanned 3d ago · by lpm-firewall-ai
The confirmed risk is browser runtime remote code execution on the leaderboard page. No install-time npm compromise behavior was found.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User visits leaderboard.html in a browser with JavaScript enabled.
Impact
Anyone who can push to the grapes-os/grapes-os-leaderboard repository, or who compromises it, can execute arbitrary JavaScript in the browser of every visitor, in the origin of whatever site serves the package's static files.
Mechanism
Fetch remote JavaScript over HTTPS and pass the response text directly to eval().
Attack narrative
On leaderboard page load, assets/js/leaderboard.js downloads scores.js from GitHub raw content and immediately evals it. Because the URL names the main branch rather than a pinned commit, the code that runs can change with any push to that repository, with no change to the published package. That gives the remote repository control over browser JavaScript executed by consumers of the npm-hosted static site, but inspection did not find install hooks, local file access, credential harvesting, or a concrete malicious payload in the packaged source.
Rationale
Source inspection confirms a real dangerous browser RCE pattern, but the behavior is page-scoped static-site functionality and no concrete malicious payload or npm install-time attack was present. Treat as a warning rather than a publish block.
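The fetch-and-eval pattern described above, beside a hardened loader that treats the remote leaderboard file as data, as an added example written for this review (not code from the scanned package or from the scanner). The commit SHA in the pinned URL is a placeholder, the scores.json name and its {name, score} schema are assumptions, and fetch is injected so the loader can be exercised offline.

```javascript
// Added example (editor's code, not part of the scanned package or the scanner
// output): the flagged fetch+eval pattern beside a hardened loader that treats
// the remote leaderboard file as data, never as code.

// --- Flagged pattern, as quoted in the report (do not do this):
// async function getScores() {
//   let response = await fetch("https://raw.githubusercontent.com/.../main/scores.js");
//   return await response.text();
// }
// eval(await getScores());   // whoever controls the repo controls this page

// --- Hardened replacement.

// Hypothetical commit-pinned URL (the SHA is a placeholder). A branch name
// such as "main" is mutable, so any later push changes what the page loads;
// a 40-hex commit SHA is immutable.
const PINNED_SCORES_URL =
  "https://raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/" +
  "0123456789abcdef0123456789abcdef01234567/scores.json";

const COMMIT_PINNED_RAW =
  /^https:\/\/raw\.githubusercontent\.com\/[^/]+\/[^/]+\/[0-9a-f]{40}\/[^?#]+$/;

function isCommitPinned(url) {
  return COMMIT_PINNED_RAW.test(url);
}

// Strict schema: a JSON array of { name: string, score: non-negative integer }.
// JavaScript source, HTML, or any unexpected shape is rejected with an error.
function parseScores(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch {
    throw new Error("scores payload is not valid JSON");
  }
  if (!Array.isArray(data)) throw new Error("scores payload must be an array");
  return data.map((entry, i) => {
    if (entry === null || typeof entry !== "object" || Array.isArray(entry)) {
      throw new Error(`entry ${i} is not an object`);
    }
    const { name, score } = entry;
    if (typeof name !== "string" || name.length === 0 || name.length > 32) {
      throw new Error(`entry ${i}: name must be a 1-32 character string`);
    }
    if (!Number.isInteger(score) || score < 0) {
      throw new Error(`entry ${i}: score must be a non-negative integer`);
    }
    return { name, score }; // drop any extra keys the remote file carries
  });
}

// Highest score first; ties keep input order (Array.prototype.sort is stable).
function rankScores(scores) {
  return [...scores].sort((a, b) => b.score - a.score);
}

// Fetch + validate. `fetchImpl` is injectable so the loader can be tested
// offline; in the browser pass the global fetch.
async function loadScores(url, fetchImpl) {
  if (!isCommitPinned(url)) throw new Error(`refusing unpinned scores URL: ${url}`);
  const response = await fetchImpl(url);
  if (!response.ok) throw new Error(`scores fetch failed: HTTP ${response.status}`);
  return rankScores(parseScores(await response.text()));
}

// Render with textContent, never innerHTML, so a name cannot inject markup.
function renderScores(scores, tableBody) {
  const doc = tableBody.ownerDocument;
  tableBody.replaceChildren();
  scores.forEach((entry, i) => {
    const row = doc.createElement("tr");
    for (const cell of [String(i + 1), entry.name, String(entry.score)]) {
      const td = doc.createElement("td");
      td.textContent = cell;
      row.appendChild(td);
    }
    tableBody.appendChild(row);
  });
}
```

A cheap interim check before the code is refactored: serve leaderboard.html with a Content-Security-Policy whose script-src does not include 'unsafe-eval'. The existing eval(js_code) then throws an EvalError instead of running (the catch at line 47 would swallow it), and the browser console shows the violation.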
Evidence
Files:
- package.json
- leaderboard.html
- assets/js/leaderboard.js
- assets/js/app_functions.js
- assets/js/links.js
- assets/js/ab-blank.js
Network endpoints (2):
- raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js
- hqlgppguxhqeaonjzinv.supabase.co
Decision evidence
public snapshot: AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
- assets/js/leaderboard.js fetches remote JS from raw.githubusercontent.com and passes response text to eval().
- leaderboard.html loads assets/js/leaderboard.js on page visit, creating runtime remote-code execution in the browser.
- assets/js/links.js contains many external proxy/unblocker URLs that can be loaded into gameFrame by user action.
- assets/js/ab-blank.js opens the site in an about:blank-style window and closes the original tab, a user-facing cloaking behavior.
Evidence against
- package.json has no lifecycle scripts and main is a static index.html.
- No Node child_process, filesystem access, native binaries, install-time execution, or credential harvesting found.
- Supabase key in assets/js/app_functions.js is an anon browser client key used for app listing RPC, not a service-role secret.
- Remote leaderboard code appears intended as site content data for score rendering, not confirmed credential exfiltration or persistence.
Behavioral surface
- Eval
- Network
- HighEntropyStrings
- UrlStrings
Source & flagged code
4 flagged

assets/js/app_functions.js (line 3)
  patternName = supabase_service_key
  severity = critical
  line = 3
  matchedText = "eyJhbGc...w8";

Critical · Critical Secret
Package contains a critical-looking secret pattern.

Critical · Secret Pattern
Supabase service role key (JWT) in assets/js/app_functions.js, line 3.

Both rules fired on the same matched token. They label it a service role key, whereas the decision evidence above classifies it as the anon browser client key used for the app-listing RPC. The matched text shown cannot settle this: "eyJhbGc" is simply the base64 encoding of {"alg and begins every JWT. A Supabase anon key and a service role key are both JWTs with this prefix and differ in the token's role claim, which is what should be read before either label is accepted.
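One way to settle the service-role-versus-anon question, as an added check written for this review (not code from the scanned package or from the scanner): decode the JWT payload and read its role claim. The tokens in the block are constructed for the demonstration with a placeholder signature and project ref; nothing is signature-verified, only inspected, which is all that classifying a token found in shipped source requires.

```javascript
// Added check (editor's code, not from the scanned package or the scanner):
// tell a Supabase anon key from a service_role key by reading the JWT's
// role claim. The payload is decoded, not verified.

function base64UrlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64url");
}

function base64UrlDecode(segment) {
  return Buffer.from(segment, "base64url").toString("utf8");
}

// Constructed sample token (hypothetical). Real Supabase keys are HS256
// tokens signed with the project's JWT secret; the signature segment here is
// a placeholder because only the payload is inspected.
function makeConstructedToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = base64UrlEncode(JSON.stringify(payload));
  return `${header}.${body}.placeholder-signature`;
}

function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(base64UrlDecode(parts[1]));
    return payload !== null && typeof payload === "object" ? payload : null;
  } catch {
    return null;
  }
}

// "eyJhbGc" (the prefix in the report's matched text) is the base64 of `{"alg`,
// so every JWT starts with it; only the role claim says which key this is.
function classifySupabaseKey(token) {
  if (typeof token !== "string" || !token.startsWith("eyJ")) return "not-a-jwt";
  const payload = decodeJwtPayload(token);
  if (payload === null || typeof payload.role !== "string") return "not-a-jwt";
  switch (payload.role) {
    case "anon":
      return "anon";
    case "service_role":
      return "service_role";
    default:
      return `other:${payload.role}`;
  }
}

// Demo on constructed tokens (project ref "projectref" is a placeholder).
const demoAnon = makeConstructedToken({
  iss: "supabase", ref: "projectref", role: "anon", iat: 1700000000, exp: 2000000000,
});
const demoService = makeConstructedToken({
  iss: "supabase", ref: "projectref", role: "service_role", iat: 1700000000, exp: 2000000000,
});
console.log(classifySupabaseKey(demoAnon), classifySupabaseKey(demoService));
```

Run classifySupabaseKey against the actual string at line 3 of app_functions.js. A service_role result means the key bypasses row-level security and must be rotated whatever the rest of this review says; an anon result means the secret findings are false positives as far as secrecy goes, though the anon key still exposes whatever the project's RLS policies allow to anonymous clients.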
assets/js/leaderboard.js (lines 36-47)
36: async function getScores() {
37:   let response = await fetch(
38:     "https://raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js",
39:   );
40:   return await response.text(); // is promise for whatever reason
41: }
...
45: let js_code = await getScores();
46: eval(js_code); // never use eval
47: } catch (e) {

Critical · Remote Asset Decode Execute
Rule description: source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload. In this package the fetched asset is JavaScript text and there is no decode step; the response body is passed straight to eval() at lines 45-46, which is the simpler and more direct form of the same risk.

High · Eval
eval() on text fetched at runtime, assets/js/leaderboard.js, lines 45-46.
Findings
3 Critical · 1 High · 2 Medium · 2 Low
- Critical · Critical Secret · assets/js/app_functions.js
- Critical · Remote Asset Decode Execute · assets/js/leaderboard.js
- Critical · Secret Pattern · assets/js/app_functions.js
- High · Eval · assets/js/leaderboard.js
- Medium · Network
- Medium · Structural Risk Force Deep Review
- Low · High Entropy Strings
- Low · Url Strings