AI Security Review
scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a CLI scanner that reads a target project when invoked and writes local reports under .periderm, with optional dashboard upload after authentication.
Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source.
Trigger
User runs periderm commands such as scan, review, login, or watch
Impact
No install-time execution, persistence, destructive behavior, or unconsented credential exfiltration identified.
Mechanism
User-invoked static analysis CLI with authenticated API calls
Rationale
Static inspection shows scanner and CLI behavior consistent with the package purpose; suspicious strings in dist/scanner/checks.js are detection patterns and AI repair prompts for user projects. Network and file writes occur on user-invoked commands and are aligned with authentication, update checks, reporting, and local scan output.
Evidence
- package.json
- dist/bin.js
- dist/index.js
- dist/api.js
- dist/config.js
- dist/update-notifier.js
- dist/error-report.js
- dist/scanner/checks.js
- .periderm/last-report.md
- .periderm/last-report.json
- .periderm/ai-instructions.md
Network endpoints (3)
- registry.npmjs.org/${name}/latest
- periderm-cli.vercel.app
- formspree.io/f/mqakppnn
Decision evidence
public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall hooks; only a user-invoked bin entrypoint.
- dist/bin.js only starts update check, exception handlers, then imports CLI index.
- dist/index.js writes reports under the scanned project .periderm directory during user-invoked scan/review commands.
- Network calls are package-aligned: npm registry update check, Periderm API, and error reporting on command failures.
- dist/scanner/checks.js contains scanner rules for detecting env leaks/secrets in target source, not credential harvesting by this package.
Behavioral surface
- Child Process
- Environment Vars
- Filesystem
- Network
- High Entropy Strings
- Url Strings
Source & flagged code
1 flagged · dist/scanner/checks.js
matchType = previous_version_dangerous_delta
matchedPackage = periderm-cli@0.1.27
matchedIdentity = npm:cGVyaWRlcm0tY2xp:0.1.27
similarity = 0.850
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/scanner/checks.js
Findings
1 Critical · 2 Medium · 4 Low
- Critical: Previous Version Dangerous Delta (dist/scanner/checks.js)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings
- Low: Url Strings