AI Security Review
scanned 3h ago · by lpm-firewall-aiThe optional WhatsApp bridge starts an unauthenticated WebSocket command listener. Any client able to reach that listener can request outbound WhatsApp messages after the account is linked.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User explicitly builds and starts the nested bridge service.
Impact
Unauthorized parties on a reachable listener could send messages through the linked WhatsApp account.
Mechanism
Unauthenticated WebSocket-to-WhatsApp message relay.
Rationale
No malicious install-time or covert behavior was confirmed. The unauthenticated messaging bridge is nevertheless a concrete security risk that warrants a warning.
Evidence
package.jsonbridge/package.jsonbridge/src/index.tsbridge/src/server.tsbridge/src/whatsapp.tsdist/cli/launcher/index.jsui-dist/assets/aiden0z-pptx-renderer.es-D87ywFdC.js
Network endpoints1
ws://localhost:3001
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
- bridge/src/server.ts opens a WebSocket server with no host or authentication.
- bridge/src/server.ts parses each client message and forwards type:"send" to WhatsApp.
- bridge/src/whatsapp.ts sends caller-supplied recipient and text through the linked WhatsApp account.
Evidence against
- package.json has no preinstall/install/postinstall/prepare lifecycle hook.
- Root CLI launcher only initializes the package runtime from process.argv.
- Bridge execution is explicit via bridge/package.json start, not install- or import-time.
- No source reads foreign AI-agent configs or performs credential exfiltration.
- Flagged UI asset contains a normal dynamic PDF-module import; no bidi control was confirmed by direct scan.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Source & flagged code
2 flagged · loading sourceui-dist/assets/aiden0z-pptx-renderer.es-D87ywFdC.jsView file
23contains invisible/control Unicode U+200B (zero width space)
`){let e=u.endParaRPr.numAttr(`sz`);if(e!==void 0){let t=document.createElement(`span`);t.textContent=`<U+200B>`,t.style.fontSize=`${e/100*o}pt`,(k??m).appendChild(t)}}r.appendChild(m)}}function LH(e){let t=0,n=0;for(let r of e.allChildren(
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
ui-dist/assets/aiden0z-pptx-renderer.es-D87ywFdC.jsView on unpkg · L2336if (!pdfjsLib) {
L37: pdfjsLib = await import(pdfjsUrl);
L38: pdfjsLib.GlobalWorkerOptions.workerSrc = pdfWorkerUrl;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
ui-dist/assets/aiden0z-pptx-renderer.es-D87ywFdC.jsView on unpkg · L36Findings
1 Critical5 Medium5 Low
CriticalTrojan Source Unicodeui-dist/assets/aiden0z-pptx-renderer.es-D87ywFdC.js
MediumDynamic Requireui-dist/assets/aiden0z-pptx-renderer.es-D87ywFdC.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings