AI Security Review
scanned 6d ago · by lpm-firewall-aiNo source-grounded verdict established.
Static reason
No blocking static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
This response is invalid because source files were not inspected first.
Decision evidence
public snapshotAI called this Manual Review at 0.0% confidence as Unknown with high false-positive risk.
Evidence for warning
Evidence against
- Inspection could not be performed in this turn due to an invalid premature finalization attempt.
Behavioral surface
ChildProcessCryptoEvalFilesystem
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcedist/plugin/index.jsView file
4213].join("\n");
L4214: const fn = new Function("input", "_pos", "_rp", "_mf", "_build", "_ctx", [
L4215: ...emptyTlDecls,
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/plugin/index.jsView on unpkg · L4213666re.lastIndex = 0;
L667: const m = re.exec(lit + String.fromCharCode(code));
L668: if (m && m[0].length > lit.length) contCodes.push(code);
...
L2889: return false;
L2890: // node() captures into its own private buffers and rolls them back on
L2891: // failure (emitNode restores _ctx.* and never pushes on the !ok path).
...
L4213: ].join("\n");
L4214: const fn = new Function("input", "_pos", "_rp", "_mf", "_build", "_ctx", [
L4215: ...emptyTlDecls,
...
L5140: const r = parseSync(filePath, src);
L5141: if (r.errors.length === 0) parsed = { body: r.program.body, src };
L5142: } catch {
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/plugin/index.jsView on unpkg · L666Findings
6 Low
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/plugin/index.js
LowWeak Cryptodist/plugin/index.js
LowFilesystem
LowHigh Entropy Strings