AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network access is package-aligned web search/fetch functionality and includes SSRF and content sanitization controls.
Decision evidence
public snapshot- extensions/index.ts import-time creates/reads extensions/safe-search.json config if missing
- extensions/search.ts performs user-invoked fetch to https://html.duckduckgo.com/html/
- extensions/fetch.ts fetches user-provided http/https URLs at runtime
- package.json has no install/preinstall/postinstall lifecycle hooks and no dependencies
- extensions/fetch.ts validates scheme, blocks private/link-local/reserved IP ranges and risky ports, and revalidates redirects
- extensions/sanitize.ts invisible Unicode characters are inside a ZERO_WIDTH regex for removal, not hidden control flow
- test.mjs references 169.254.169.254 only as a blocked SSRF test case
- No child_process, eval/vm/Function, credential/env harvesting, persistence, destructive behavior, or binary loading found
- README.md describes package behavior; no reviewer-directed instruction or verdict manipulation found
Source & flagged code
3 flagged · loading sourcePackage text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkgSource reaches cloud instance metadata or link-local credential endpoints.
test.mjsView on unpkg · L10Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
extensions/sanitize.tsView on unpkg · L4