AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a browser video rendering SDK with user-invoked media loading and encoding behavior.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Consumer imports the package and calls exported SDK APIs.
Impact
No credential harvesting, install-time execution, persistence, or destructive action identified.
Mechanism
browser media rendering and user-invoked asset fetches
Rationale
Static source inspection supports a benign browser video SDK; suspicious primitives are aligned with media loading/encoding and are user-invoked. The manifest main points to a missing non-minified filename, but that is a packaging quality issue rather than malicious behavior.
Evidence
package.jsonREADME.mdvideo-core-sdk.d.tsvideoCoreSDK.react.es.min.jstypes/react-pixi/utils/utils.d.ts
Network endpoints5
video.h5ds.comvideo.h5ds.com/docs/sdk/core.htmlcdn.h5ds.comcdn.h5ds.com/assets/images/404.pngcdn.h5ds.com/assets/effectcanvas/
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no lifecycle scripts, bin, dependencies, or install hooks.
- Published files are README, types, package.json, and one bundled browser ESM file.
- Bundle exports React/Pixi video rendering, encoding, FFmpeg helpers, and types matching README purpose.
- Network use is fetch/CDN loading for media, workers, FFmpeg/effect assets, or user-provided URLs; no exfil endpoint found.
- No child_process, fs file harvesting, process.env credential access, persistence, destructive behavior, or AI-agent control writes found.
- Scanner protestware hint appears noisy; inspected source has no protest/destructive logic.
Behavioral surface
ChildProcessNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium3 Low
CriticalProtestware
MediumNetwork
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings