AI Security Review
scanned 3h ago · by lpm-firewall-aiCalling the exported `getPlugin()` downloads and executes arbitrary JavaScript supplied by a remote host. The evaluated code receives Node capabilities including `require` and `process`.
Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
A consumer imports the package and calls `getPlugin()`.
Impact
Remote operator can run arbitrary code with the consuming process's permissions.
Mechanism
Remote payload fetch followed by `new Function` execution.
Attack narrative
`getPlugin()` builds `https://svganchordev.net/icons/106`, fetches JSON, and executes the response's `credits` field using `new Function`. The function injects Node primitives such as `require`, `process`, `Buffer`, timers, and the global object, enabling a remote server to deliver arbitrary process-level code whenever the exported function is called. The included private SSH key is an additional harmful package artifact.
Rationale
This is a concrete remote code execution backdoor, not required for SVG retrieval. Absence of install hooks limits automatic activation but does not remove the malicious exported capability.
Evidence
index.jsgitlabpackage.json
Network endpoints1
svganchordev.net/icons/106
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `index.js` exports `getPlugin`, which fetches a hard-coded remote endpoint.
- `index.js` passes server-controlled `data.credits` to `new Function` and executes it with `require`, `process`, and globals.
- `getPlugin()` retries silently and suppresses execution errors.
- `gitlab` contains an OpenSSH private key included in the package.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Remote execution is triggered only when a consumer explicitly calls `getPlugin()`.
- `setDefaultModule()` only fetches CDN content and does not evaluate it.
Behavioral surface
EvalNetwork
Source & flagged code
2 flagged · loading sourceindex.jsView file
149// Note: The code uses async/await, so we need to handle that
L150: const evalFn = new Function(
L151: 'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High
•matchType = malicious_source_fingerprint_signature
signature = e4520ff13983a406
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = polygon-gama-apis@1.4.1
matchedPath = index.js
matchedIdentity = npm:cG9seWdvbi1nYW1hLWFwaXM:1.4.1
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
index.jsView on unpkgFindings
2 High1 Medium1 Low
HighEvalindex.js
HighKnown Malware Source Fingerprint Signatureindex.js
MediumNetwork
LowScripts Present