AI Security Review
scanned 3d ago · by lpm-firewall-aiOpening the leaderboard page executes mutable remote JavaScript fetched from GitHub. This gives the remote repository control over browser-side code after the npm package is published.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User opens leaderboard.html in a browser/CDN context.
Impact
Remote code can run in the page origin, alter displayed content, access page/localStorage context, and make browser network requests.
Mechanism
fetch remote JavaScript text and eval it
Attack narrative
When leaderboard.html loads, it includes assets/js/leaderboard.js. That script fetches scores.js from raw.githubusercontent.com and passes the returned text directly to eval, so the package delegates runtime code execution to mutable remote content outside the published npm artifact.
Rationale
The confirmed behavior is not merely loading a normal third-party library; it fetches remote text and evaluates it as code, creating a post-publish remote payload channel. No install-time compromise was found, but the runtime browser attack surface is concrete enough to block. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsonleaderboard.htmlassets/js/leaderboard.jsassets/js/app_functions.js
Network endpoints3
raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.jshqlgppguxhqeaonjzinv.supabase.cocdn.jsdelivr.net/npm/@supabase/supabase-js@2
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Malware with medium false-positive risk.
Evidence for block
- assets/js/leaderboard.js fetches remote scores.js from raw.githubusercontent.com at runtime.
- assets/js/leaderboard.js immediately evals fetched remote text in main().
- leaderboard.html loads assets/js/leaderboard.js with defer when the leaderboard page opens.
Evidence against
- package.json has no lifecycle scripts, bin, dependencies, or Node install-time hooks.
- Source is primarily a static browser site with HTML/CSS/images.
- assets/js/app_functions.js uses a Supabase anon key for browser data access, consistent with public Supabase clients.
Behavioral surface
EvalNetwork
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourceassets/js/app_functions.jsView file
3patternName = supabase_service_key
severity = critical
line = 3
matchedText = "eyJhbGc...w8";
Critical
Critical Secret
Package contains a critical-looking secret pattern.
assets/js/app_functions.jsView on unpkg · L33patternName = supabase_service_key
severity = critical
line = 3
matchedText = "eyJhbGc...w8";
Critical
Secret Pattern
Supabase service role key (JWT) in assets/js/app_functions.js
assets/js/app_functions.jsView on unpkg · L3assets/js/leaderboard.jsView file
36async function getScores() {
L37: let response = await fetch(
L38: "https://raw.githubusercontent.com/grapes-os/grapes-os-leaderboard/main/scores.js",
L39: );
L40: return await response.text(); // is promise for whatever reason
L41: }
...
L45: let js_code = await getScores();
L46: eval(js_code); // never use eval
L47: } catch (e) {
Critical
Remote Asset Decode Execute
Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload.
assets/js/leaderboard.jsView on unpkg · L3645let js_code = await getScores();
L46: eval(js_code); // never use eval
L47: } catch (e) {
High
Findings
3 Critical1 High2 Medium2 Low
CriticalCritical Secretassets/js/app_functions.js
CriticalRemote Asset Decode Executeassets/js/leaderboard.js
CriticalSecret Patternassets/js/app_functions.js
HighEvalassets/js/leaderboard.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowHigh Entropy Strings
LowUrl Strings