AI Security Review
scanned 3h ago · by lpm-firewall-ai
The package exposes a runtime function that downloads code from a gambling-domain endpoint and executes it with Node globals. This gives the remote server arbitrary code execution in any consumer process that calls getPlugin.
Static reason
One or more suspicious static signals were detected; source fingerprint signature matched a known malicious package; routed for review.
Trigger
User/application imports the package and calls exported getPlugin().
Impact
Arbitrary remote code can run with process and require access in the consumer environment.
Mechanism
remote JSON field executed via Function constructor
Attack narrative
When getPlugin is called, index.js builds https://bet.slotgambit.com/icons/111, fetches JSON, takes data.credits, wraps it in new Function, and invokes it with require, process, global, Buffer, timers, and module objects. The package description does not justify remote code loading from that endpoint, making consumer invocation a remote-code-execution delivery path.
Rationale
Source inspection confirms a concrete remote-code-execution path in index.js, not merely scanner noise. Although there is no install hook, the exported API hides execution of server-supplied code with powerful Node globals, so this should be blocked.
Evidence
package.json, index.js
Network endpoints (6)
- bet.slotgambit.com/icons/111
- cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/svgs/brands/
- cdnjs.fastly.net/ajax/libs/font-awesome/6.4.0/svgs/brands/
- cdnjs.akamai.net/ajax/libs/font-awesome/6.4.0/svgs/brands/
- cdnjs.cloudfront.net/ajax/libs/font-awesome/6.4.0/svgs/brands/
- cdnjs.gcorelabs.com/ajax/libs/font-awesome/6.4.0/svgs/brands/
Decision evidence
public snapshot: AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- Inspection found exported runtime code that fetches JSON from https://bet.slotgambit.com/icons/111 and executes data.credits with Function.
- The remote code receives require, process, global, Buffer, timers, and module/exports context.
- Endpoint and behavior are unrelated to package description/keywords about tailwind/react/svg helpers.
- package.json includes no lifecycle hooks, so activation is runtime via exported getPlugin rather than install-time.
Evidence against
- No npm install/preinstall/postinstall lifecycle scripts in package.json.
- No filesystem writes or AI-agent control surface mutations found in inspected package files.
- setDefaultModule only fetches CDN-like icon URLs and returns JSON when explicitly called.
Behavioral surface
Eval, Network
Source & flagged code
2 flagged · index.js (lines 149-151)
// Note: The code uses async/await, so we need to handle that
const evalFn = new Function(
  'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High
• matchType = malicious_source_fingerprint_signature
signature = e4520ff13983a406
signatureType = suspicious_hashes
sourceLabel = Datadog
matchedPackage = cmc-client@1.1.0
matchedPath = index.js
matchedIdentity = npm:Y21jLWNsaWVudA:1.1.0
similarity = 1.000
shingleOverlap = 1
summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/cmc-client/1.1.0/2026-02-12-cmc-client-v1.1.0.zip
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.js
Findings
2 High, 1 Medium, 1 Low
High: Eval (index.js)
High: Known Malware Source Fingerprint Signature (index.js)
Medium: Network
Low: Scripts Present