AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a React workflow editor/viewer that performs user-invoked workflow API calls to a consumer-configured backend.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing/rendering components and clicking save/publish or loading viewer data.
Impact
No evidence of credential theft, persistence, destructive behavior, or unsolicited external exfiltration.
Mechanism
package-aligned React UI with axios workflow API calls
Rationale
Static inspection shows risky primitives are aligned with documented workflow component behavior and require runtime use of the UI with a caller-provided backend. No install-time execution, hidden host, harvesting, shell execution, or AI-agent control-surface mutation was found.
Evidence
package.jsonREADME.mddist/workflow-components.es.jsdist/workflow-components.umd.jsdist/mockServiceWorker.jsdist/index.d.ts
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/workflow-components.es.js uses axios at runtime against caller-provided baseUrl for workflow APIs.
- dist/workflow-components.es.js uses localStorage key startNode and window.parent.postMessage on publish.
Evidence against
- package.json has no install/preinstall/postinstall/prepare lifecycle hooks.
- Entrypoints are React component bundles exporting WorkflowComponents and WorkflowViewerComponents.
- Network calls are documented workflow backend paths in README.md and use caller-supplied baseUrl/customHeaders, not a hardcoded exfiltration host.
- No child_process/fs/native loading/credential harvesting patterns found in inspected package source.
- Bidi/invisible Unicode search over entrypoints found no matches despite scanner hint.
- dist/mockServiceWorker.js is the standard MSW worker and only proxies active mock clients.
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsMinifiedUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/workflow-components.es.jsView file
37606contains invisible/control Unicode U+200C (zero width non-joiner)
position: relative<U+200C>;
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/workflow-components.es.jsView on unpkg · L37606dist/workflow-components.umd.jsView file
•Trigger-reachable chain: manifest.main -> dist/workflow-components.umd.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/workflow-components.umd.jsView on unpkgFindings
2 Critical3 Medium4 Low
CriticalTrojan Source Unicodedist/workflow-components.es.js
CriticalTrigger Reachable Dangerous Capabilitydist/workflow-components.umd.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License