registry  /  meyi-insight-server-dev  /  1.0.15

meyi-insight-server-dev@1.0.15

AI-powered Root Cause Analysis server — drop-in Express backend for MeyiConnect Insight plugin

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The public webhook endpoint can issue a server-side GET request to an arbitrary URL supplied in an SNS-shaped request. This is a concrete SSRF primitive, not an install-time payload.

Static reason
No blocking static signals were detected.
Trigger
Unauthenticated POST to `/insight/webhook/:token` with `x-amz-sns-message-type: SubscriptionConfirmation` and `SubscribeURL`.
Impact
May reach internal or otherwise restricted HTTP services from the deployed server network.
Mechanism
Attacker-controlled server-side fetch before webhook-token validation.
Rationale
The package is not malicious at install or import time, but it exposes a concrete unauthenticated SSRF vulnerability in its runtime webhook handler. Downgrade to warn until the handler validates SNS confirmations and restricts the target URL.
Evidence
package.jsondist/routes/index.jsdist/controllers/webhook.controller.jsdist/server.jsdist/standalone.jsdist/services/incident.service.jsdist/services/sop.service.jsdist/services/workflow.service.jsdist/features/connectors/prometheus/controller.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • Public webhook route accepts unauthenticated requests.
  • Webhook handler fetches attacker-controlled `body.SubscribeURL` before token validation.
  • No URL allowlist, hostname validation, or private-address block is present for `SubscribeURL`.
Evidence against
  • `package.json` has no install, preinstall, or postinstall hook.
  • Imports only export/create server components; startup occurs through explicit `createInsight().start()`.
  • No child-process, eval, native-binary loading, or package filesystem mutation found.
  • Other outbound calls implement configured AI, notification, Datadog, AWS, and connector integrations.
  • No credential harvesting or exfiltration path beyond configured service integrations was found.
Behavioral surface
Source
CryptoEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 94 file(s), 529 KB of source, external domains: 127.0.0.1, adaptivecards.io, api.ap1.datadoghq.com, api.ap2.datadoghq.com, api.datadoghq.com, api.datadoghq.eu, api.ddog-gov.com, api.us2.ddog-gov.com, api.us3.datadoghq.com, api.us5.datadoghq.com

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License