AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Importing the package defines a browser web component; connecting it initializes embedded markdown WebAssembly and renders local input.
Static reason
One or more suspicious static signals were detected.
Trigger
Consumer imports the module and attaches `<maerkchen-editor>` to a browser document.
Impact
Processes user-supplied markdown locally; no confirmed exfiltration, persistence, or system mutation.
Mechanism
Local Lit markdown editor with embedded WebAssembly parsing.
Rationale
The scanner's network and secret signals resolve to bundled wasm-bindgen loader code and an embedded WebAssembly data URL, not a credential or remote payload. Source inspection shows a package-aligned browser markdown editor with no install-time execution or concrete attack behavior.
Evidence
package.jsonREADME.mddist/main.jsdist/main.d.ts
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no preinstall/install/postinstall hooks or CLI entrypoint.
- `dist/main.js` exports a Lit `<maerkchen-editor>` and markdown parse/sanitize functions.
- The flagged `fetch` is wasm-bindgen's optional loader path; default initialization uses an embedded `data:application/wasm` payload.
- No credential, environment, filesystem, child-process, eval, or remote endpoint behavior found.
- `README.md` describes the same browser markdown-editor purpose.
Behavioral surface
ChildProcessNetwork
MinifiedUrlStrings
Source & flagged code
2 flagged · loading sourcedist/main.jsView file
441patternName = aws_access_key
severity = critical
line = 441
matchedText = e !== vo...l));
Critical
441patternName = aws_access_key
severity = critical
line = 441
matchedText = e !== vo...l));
Critical
Findings
2 Critical1 Medium2 Low
CriticalCritical Secretdist/main.js
CriticalSecret Patterndist/main.js
MediumNetwork
LowScripts Present
LowUrl Strings