AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The observed network and file APIs are browser media loading, CDN fallback assets, ffmpeg wasm loading, and user-invoked export output for a video SDK.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Runtime SDK initialization, media loading, loadFFmpeg, or video/audio export methods.
Impact
Expected resource download and user-directed video/audio output; no evidence of exfiltration or unauthorized mutation.
Mechanism
Browser media rendering/encoding with fetch/XMLHttpRequest and WebCodecs/ffmpeg-wasm.
Rationale
Static source inspection shows a large minified browser video SDK bundle whose suspicious primitives are aligned with media loading and export functionality. Scanner protestware/network hints appear noisy; no concrete malicious behavior was found.
Evidence
package.jsonREADME.mdvideo-core-sdk.js
Network endpoints5
cdn.h5ds.comcdn.h5ds.com/assets/effectcanvas/cdn.h5ds.com/assets/images/404.pngvideo.h5ds.comvideo.h5ds.com/docs/sdk/core.html
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no lifecycle scripts, bin, or install hooks; main is video-core-sdk.js.
- README describes a browser video rendering SDK using Canvas/WebCodecs/WebGL/ffmpeg.
- video-core-sdk.js is a minified browser bundle importing React and exporting VideoCoreSDK/MovieEncoding/loadFFmpeg.
- Network use is package-aligned: media/resource fetches, CDN defaults, and ffmpeg wasm asset loading.
- File writes are user/runtime export flows: showSaveFilePicker or caller-provided nodeFileStreamWrite for rendered video output.
- No credential/env harvesting, npmrc/SSH access, child_process, persistence, destructive project writes, or AI-agent control-surface mutation found.
Behavioral surface
ChildProcessNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium3 Low
CriticalProtestware
MediumNetwork
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings