AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Network-capable functions are exported browser features activated with caller-supplied repository credentials or source code, rather than import-time behavior.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Consumer explicitly invokes GitHub sync/commit APIs or `runCode` with supplied inputs.
Impact
Can write to the repository authorized by the caller's token or submit caller-provided code to Wandbox; no passive exfiltration or install-time mutation found.
Mechanism
User-directed GitHub repository operations and remote code compilation.
Rationale
The scanner findings map to legitimate browser editor capabilities: fixed local language imports, GitHub syncing, and an explicit remote compiler action. Source inspection found no concrete malicious chain or automatic install/import-time attack behavior.
Evidence
package.jsondist-lib/index.jsdist-lib/editor.jsdist-lib/github.jsdist-lib/sync.jsdist-lib/preload.jsdist-lib/editor-B0kRnzul.js
Network endpoints2
api.github.comwandbox.org/api/compile.json
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
- `package.json` has a `prepare` build hook, not preinstall/install/postinstall.
- `dist-lib/github.js` can PUT content to a caller-specified GitHub repository.
- `dist-lib/editor-B0kRnzul.js` can POST caller-provided code to Wandbox.
Evidence against
- `dist-lib/index.js` only re-exports browser editor, GitHub, sync, and preload APIs.
- `dist-lib/github.js` sends an Authorization token only to `https://api.github.com` for explicit repository operations.
- `dist-lib/editor-B0kRnzul.js` dynamic imports are fixed local language-support chunks.
- `dist-lib/sync.js` uses IndexedDB for local sync state; `preload.js` uses localStorage for editor prediction data.
- The reported invisible Unicode is part of a RegExp that detects control/invisible characters.
- No child-process, eval, environment harvesting, foreign agent-config mutation, binary loading, or stealth persistence was found.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsNetworkShell
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
2 flagged · loading sourcedist-lib/editor-B0kRnzul.jsView file
9183contains invisible/control Unicode U+200B (zero width space)
--<U+200B><U+200E><U+200F>\u2028\u2029<U+202D><U+202E><U+2066><U+2067><U+2069>\uFEFF-]`, Qr), xp = {
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist-lib/editor-B0kRnzul.jsView on unpkg · L9183•Trigger-reachable chain: manifest.exports -> dist-lib/editor.js -> dist-lib/editor-B0kRnzul.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist-lib/editor-B0kRnzul.jsView on unpkgFindings
2 Critical4 Medium4 Low
CriticalTrojan Source Unicodedist-lib/editor-B0kRnzul.js
CriticalTrigger Reachable Dangerous Capabilitydist-lib/editor-B0kRnzul.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings