AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
A consumer explicitly imports and invokes `dist/ssr.js`/`renderPage`, or otherwise calls the Obscura rendering path.
Impact
Can cause the server running the consumer application to request loopback or private-network resources through `node-obscura`.
Mechanism
Private-network SSRF-filter bypass through a browser-scraping dependency.
Rationale
Source inspection found no malicious lifecycle, persistence, credential theft, or exfiltration. However, shipped code contains an intentional private-network SSRF bypass, creating a concrete dangerous capability despite being outside the public entrypoint.
Evidence
package.jsondist/index.jsdist/use-ssr.jsdist/ssr.jsdist/obscura-session.jsdist/url-utils.jsdist/ssr-module-loader.js
Network endpoints1
127.0.0.1.nip.io
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/ssr.js` configures `node-obscura` with private-network access enabled by default.
- `dist/url-utils.js` rewrites loopback hosts to `127.0.0.1.nip.io` to bypass the scraper's loopback filter.
- `dist/obscura-session.js` dynamically loads `node-obscura` and requests URLs supplied to SSR rendering.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Public entrypoint `dist/index.js` exports the separate native SSR implementation in `dist/use-ssr.js`.
- No credential harvesting, shell execution, external exfiltration endpoint, or AI-agent configuration mutation was found.
- `dist/ssr-module-loader.js` writes only a project-local SSR bundle under `dist/.ssr` when explicitly invoked.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/renderer.jsView file
15installSsrGlobals({ url: "http://ssr.local/" });
L16: _mates = await import("mates");
L17: return _mates;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/renderer.jsView on unpkg · L15Findings
2 Medium5 Low
MediumDynamic Requiredist/renderer.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License