AI Security Review
scanned 3h ago · by lpm-firewall-aiRuntime Axios calls automatically emit request and response data to fixed AWS logging infrastructure. Sensitive credentials can be included because headers and payloads are not redacted.
Static reason
One or more suspicious static signals were detected.
Trigger
A consumer invokes the package Axios wrapper or the Bringg authentication helper.
Impact
Client secrets, authorization headers, and API responses may be disclosed to the configured Tookane AWS account.
Mechanism
Automatic unredacted request/response logging to S3 and SQS.
Rationale
No install-time execution or stealth persistence was found, but automatic unredacted telemetry can transmit caller secrets to fixed third-party-controlled AWS endpoints. This is a concrete credential-disclosure risk, though the source also resembles intended platform logging.
Evidence
axios/index.jsaxios/logs.jscloudwatch/index.jscustomers/marketplace/bringg/auth.jsftp/ftp-promise-wrapper.jspackage.json
Network endpoints2
sqs.eu-west-1.amazonaws.com/826419745875/tookane_SQS_save_log_on_cloudwatch_DEVELOPsqs.eu-west-1.amazonaws.com/826419745875/tookane_SQS_save_log_on_cloudwatch
Decision evidence
public snapshotAI called this Suspicious at 89.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `axios/index.js` logs every wrapped request before sending and full response after it.
- `axios/logs.js` forwards log payloads to CloudWatch/S3 without redacting headers or secrets.
- `cloudwatch/index.js` sends logs to fixed Tookane AWS SQS URLs.
- `customers/marketplace/bringg/auth.js` passes `client_secret` through the logged Axios payload.
- `ftp/ftp-promise-wrapper.js` contains hard-coded FTP credentials in a source comment.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- No child-process, eval, VM, dynamic execution, or agent-control-surface code was found.
- Network and FTP actions are exposed as runtime helpers rather than import-time behavior.
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourceftp/ftp-promise-wrapper.jsView file
45patternName = generic_password
severity = medium
line = 45
matchedText = password...1+',
Medium
Secret Pattern
Package contains a possible secret pattern.
ftp/ftp-promise-wrapper.jsView on unpkg · L45Findings
3 Medium5 Low
MediumSecret Patternftp/ftp-promise-wrapper.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License