AI Security Review
scanned 2h ago · by lpm-firewall-ai

The package is a static site, but its leaderboard page loads and executes mutable remote JavaScript. A visitor opening the packaged leaderboard grants code execution to a GitHub-hosted payload outside the npm tarball.
Decision evidence
public snapshot
- assets/js/leaderboard.js fetches remote scores.js from raw.githubusercontent.com.
- assets/js/leaderboard.js immediately evals the fetched text in main().
- leaderboard.html loads assets/js/leaderboard.js for browser visitors.
- assets/js/app_functions.js connects to Supabase and loads remote app data into iframes.
- No npm lifecycle hooks, but the malicious behavior is triggered at runtime from the packaged web page.
- package.json has no install/preinstall/postinstall scripts.
- No child_process, filesystem writes, native binary loading, or AI-agent control-surface writes found.
- Supabase key is an anon browser key pattern, not evidence of credential theft by itself.
Source & flagged code
6 flagged
- Package contains a critical-looking secret pattern. (assets/js/app_functions.js, line 3)
- Supabase service role key (JWT) in assets/js/app_functions.js. (assets/js/app_functions.js, line 3)
- Source fetches a remote non-code asset, decodes its contents, and dynamically executes the decoded payload. (assets/js/leaderboard.js, line 36)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (assets/js/leaderboard.js)
- Package ships non-JavaScript build or shell helper files. (prepare-unpkg.ps1)