AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The app performs configured backend API requests and native-app authentication during normal runtime.
Static reason
One or more suspicious static signals were detected.
Trigger
User opens the Vue app in its supported native host or submits the login form.
Impact
Normal application authentication and business API access; no confirmed package-side exfiltration or persistence.
Mechanism
Configured Axios requests plus host-provided token login.
Rationale
Source inspection shows a Vue business application with ordinary configured API/authentication flows. The static network and secret hints are explained by API configuration and a non-secret environment URL; no concrete malicious behavior was found.
Evidence
package.jsonsrc/views/login/index.vuesrc/utils/request.tssrc/utils/auth-token.tssrc/core/mxApi/index.tsplugins/bump-version.tssrc/main.tssrc/core/request/index.tssrc/config/env.tsvite.config.ts.env.development.env.test.env.production
Network endpoints2
10.56.183.104:8090api.example.com
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with medium false-positive risk.
Evidence for block
- Native runtime auto-reads an app token via `MXCommon.getEncryptString` in `src/core/mxApi/index.ts`.
- `src/views/login/index.vue` uses that token for an automatic native-app login request.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Network code in `src/utils/request.ts` is an Axios API client using configured base URLs and authenticated business endpoints.
- The native token path is confined to the declared login flow; no unrelated exfiltration target is present.
- `.env.production` contains a configured API base URL, not an embedded credential.
- No child-process execution, eval/vm use, native binaries, payload archives, or AI-agent control-surface writes were found.
- Build-time filesystem writes in `plugins/bump-version.ts` only version and package the project output.
Behavioral surface
FilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading source.env.productionView file
•patternName = blocked_file
severity = critical
matchedText = .env.production
redactedSecretContext =
secretLikeLines = 0
notes = no secret-like key/value lines found in sampled text
Critical
Findings
1 Critical1 Medium4 Low
CriticalCritical Secret.env.production
MediumNetwork
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings