AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network behavior is a documented workflow editor/viewer feature using the host app's configured backend.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Rendering/using exported React components
Impact
workflow data exchange with application backend chosen by caller
Mechanism
axios calls to caller-provided baseUrl workflow APIs
Rationale
Static source inspection shows a React workflow component library with no lifecycle execution, hidden exfiltration endpoint, credential harvesting, persistence, or destructive behavior. Scanner findings are explained by bundled dependencies and documented browser component behavior.
Evidence
package.jsonREADME.mddist/workflow-components.es.jsdist/workflow-components.umd.jsdist/mockServiceWorker.jslocalStorage:startNode
Network endpoints1
api.example.com
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks
- Entrypoints are dist React component bundles exporting WorkflowComponents/WorkflowViewerComponents
- README documents caller-supplied baseUrl and workflow API routes
- Bundled axios calls use configured baseURL plus /bpmn/* paths
- No bidi/invisible Unicode controls found in bundled JS
- Dangerous-looking primitives are from bundled dependencies/MSW worker
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsMinifiedUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/workflow-components.es.jsView file
37606contains invisible/control Unicode U+200C (zero width non-joiner)
position: relative<U+200C>;
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/workflow-components.es.jsView on unpkg · L37606dist/workflow-components.umd.jsView file
•Trigger-reachable chain: manifest.main -> dist/workflow-components.umd.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/workflow-components.umd.jsView on unpkgFindings
2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/workflow-components.es.js
CriticalTrigger Reachable Dangerous Capabilitydist/workflow-components.umd.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License