AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a browser video rendering/export SDK with asset fetching and user-invoked media export behavior.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Runtime import and user calls such as VideoCoreSDK.init(), loadFFmpeg(), or MovieEncoding.run().
Impact
Expected rendering/export behavior; no evidence of exfiltration, persistence, or unauthorized mutation.
Mechanism
Browser media rendering, asset fetch, ffmpeg WASM processing, and user-directed export
Rationale
Static inspection shows a bundled front-end video SDK whose network and file-like primitives are aligned with loading media/assets and exporting generated video/audio. There are no lifecycle hooks, credential collection, install/import-time mutation, or concrete malicious behavior.
Evidence
package.jsonREADME.mdvideo-core-sdk.js
Network endpoints4
cdn.h5ds.comcdn.h5ds.com/assets/effectcanvas/cdn.h5ds.com/assets/images/404.pngvideo.h5ds.com
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
- video-core-sdk.js references fetch/XMLHttpRequest and h5ds CDN URLs for media/assets.
- video-core-sdk.js includes ffmpeg WASM helpers using writeFile/readFile/deleteFile on the ffmpeg virtual filesystem.
- video-core-sdk.js uses browser save/download APIs for exported mp4/mp3 output.
Evidence against
- package.json has no lifecycle scripts or bin entry; main is video-core-sdk.js.
- README.md describes a front-end video rendering SDK using canvas/webgl/webcodecs/ffmpeg.
- Network URLs are package-aligned assets/docs/CDN endpoints: cdn.h5ds.com and video.h5ds.com.
- No child_process usage, credential/env harvesting, persistence, destructive project-file writes, or install-time execution found.
- Protestware keywords are noisy matches inside minified rendering code names like stop/war/delete/remove, not political or sabotage logic.
Behavioral surface
ChildProcessNetwork
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium6 Low
CriticalProtestware
MediumNetwork
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowAi Review Evidence
LowAi Review Evidence
LowAi Review Evidence