AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The server framework dynamically imports host-project configuration and compiles JavaScript from its own Vome module/plugin store. No package-install-time execution or confirmed exfiltration endpoint is present.
Static reason
One or more suspicious static signals were detected.
Trigger
A host application imports `vome-core/server` and starts/scans Vome modules or plugins.
Impact
A party able to place code in the Vome module store could obtain code execution in the host application's process.
Mechanism
Local plugin/module source is transformed and evaluated with `new Function`.
Rationale
No concrete malicious chain is established, but obfuscation plus automatic evaluation of persisted local extension code creates unresolved lifecycle risk. Warn rather than block because the capability is package-aligned and no unconsented install-time mutation or exfiltration is shown.
Evidence
package.jsondist/index.jsdist/server/index.jsdist/src/ext/load-plugin.d.tsdist/src/ext/module-registry.d.tsdist/src/ext/path.d.ts~/.vome/{hash}/modules/{key}/server/index.js
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/server/index.js` uses `new Function` for plugin/module handler source.
- Plugin declarations identify a persistent `~/.vome/.../modules` code store.
- `dist/index.js` and server/admin artifacts are deliberately obfuscated.
- Importing `vome-core/server` loads host configuration from the project.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- No outbound HTTP client API was found in `dist/index.js` or `dist/server/index.js`.
- No credential-harvesting, AI-agent config, shell-spawn, or destructive primitive was found.
- Dynamic execution is scoped to the package's documented plugin/module framework.
Behavioral surface
DynamicRequireNetwork
HighEntropyStringsMinifiedObfuscated
WildcardDependency
Source & flagged code
3 flagged · loading sourcedist/server/index.jsView file
1const _0x4727c2=_0x1a3d;(function(_0x1fa943,_0x5277dc){const _0x80a20e=_0x1a3d,_0x572732=_0x1fa943();while(!![]){try{const _0x54e8d2=parseInt(_0x80a20e(0x383))/0x1*(parseInt(_0x80a...
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/server/index.jsView on unpkg · L1dist/admin/directives/perm.jsView file
1function _0x252e(_0x543436,_0x40f477){_0x543436=_0x543436-0x7e;const _0x551b59=_0x551b();let _0x252e0b=_0x551b59[_0x543436];if(_0x252e['tPAfMX']===undefined){var _0x44cd2b=function...
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/admin/directives/perm.jsView on unpkg · L1dist/admin/static/fileicon/iconfont.woffView file
•path = [redacted].woff
kind = high_entropy_blob
sizeBytes = 4228
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/admin/static/fileicon/iconfont.woffView on unpkgFindings
3 High4 Medium3 Low
HighObfuscated Payload Loaderdist/admin/directives/perm.js
HighObfuscated
HighShips High Entropy Blobdist/admin/static/fileicon/iconfont.woff
MediumDynamic Requiredist/server/index.js
MediumNetwork
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings