AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a bundled browser video SDK that fetches media/CDN assets and can write exported video through user-invoked browser/server rendering flows.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports SDK and invokes rendering/export APIs.
Impact
Expected video rendering/export behavior; no confirmed credential theft, install-time execution, or persistence.
Mechanism
Browser media rendering, asset fetching, and ffmpeg WASM export helpers
Rationale
Static inspection found a large minified browser SDK with package-aligned network and media/export APIs, but no install-time code, exfiltration, credential/file harvesting, destructive behavior, or persistence. Scanner protestware/network labels are noisy against bundled shader/library comments and expected CDN/media functionality.
Evidence
package.jsonvideo-core-sdk.jsREADME.md
Network endpoints5
cdn.h5ds.comcdn.h5ds.com/assets/effectcanvas/cdn.h5ds.com/assets/images/404.pngvideo.h5ds.comvideo.h5ds.com/docs/sdk/core.html
Decision evidence
public snapshotAI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
- video-core-sdk.js contains browser fetch/XMLHttpRequest and ffmpeg WASM file APIs.
- video-core-sdk.js assigns exports to window.VideoCoreSDKExport at import time.
Evidence against
- package.json has no lifecycle scripts and only main: video-core-sdk.js.
- README.md describes a browser video rendering SDK using WebCodecs, ffmpeg, and WebGL.
- Network URLs are package-aligned CDN/docs/resources: cdn.h5ds.com and video.h5ds.com.
- No child_process, credential harvesting, persistence, destructive filesystem access, or AI-agent control-surface writes found.
- The protestware hint appears attributable to bundled shader/comment text and unrelated URL strings, not active sabotage logic.
Behavioral surface
ChildProcessNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium5 Low
CriticalProtestware
MediumNetwork
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowAi Review Evidence
LowAi Review Evidence