AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Risky primitives are browser/media SDK functionality and require application/user invocation, not install-time execution.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Application imports/uses the SDK to render or export video in a browser-like environment.
Impact
Expected video rendering/export behavior; no source-grounded exfiltration or compromise path found.
Mechanism
frontend media rendering, asset fetch, ffmpeg wasm, user-selected file export
Rationale
Static inspection shows a bundled frontend video SDK with package-aligned network access and user-invoked file export, while scanner protestware/network hints appear to be noisy matches from URLs/comments and media code. No concrete malicious install-time, import-time, exfiltration, persistence, or destructive behavior was found.
Evidence
package.jsonREADME.mdvideoCoreSDK.react.es.min.js
Network endpoints5
cdn.h5ds.comcdn.h5ds.com/assets/effectcanvas/cdn.h5ds.com/assets/images/404.pngvideo.h5ds.comvideo.h5ds.com/docs/sdk/core.html
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- Browser bundle uses fetch/FileSystem APIs for media loading, ffmpeg wasm loading, and user-initiated export output.
- Manifest main points to videoCoreSDK.react.es.js, but package contains videoCoreSDK.react.es.min.js.
Evidence against
- package.json has no lifecycle scripts or bin entries.
- README describes a frontend video rendering SDK using Canvas, WebCodecs, ffmpeg, and WebGL.
- videoCoreSDK.react.es.min.js exports React/browser video rendering classes and attaches window.VideoCoreSDKExport.
- Network URLs are package-aligned CDN/docs/assets: h5ds.com/cdn.h5ds.com plus shader/source attribution comments.
- No credential/env harvesting, child_process, persistence, destructive install behavior, or AI-agent control writes found.
Behavioral surface
ChildProcessNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium5 Low
CriticalProtestware
MediumNetwork
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowAi Review Evidence
LowAi Review Evidence