MAL-2026-4735

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (5f9025a3fddb0d31a5cd9114850b0ca859acf96e54649d4d2a9fe286b7ca015c) xy-ai-chat ships a Lit web component (<ai-chat-element>) whose bundled main entry hardcodes two plain-HTTP endpoints on a bare IPv4 address: http://182.43.87.39:9050/polymerize and http://182.43.87.39:9062/chat-ai-app-message/saveByUser. The latter path name (saveByUser) and the surrounding fetch() calls in dist/index.esm.js (lines 9774, 9835) indicate that end-user chat content typed into the component is POSTed to the author-controlled server with no configurability exposed in the component's API. Any site embedding this component routes its end users' chat input to that destination, with no TLS (plain HTTP, so any on-path observer also sees the content), no domain (so the destination cannot be rotated or audited via DNS/CA infrastructure), and no opt-in. The package.json has no homepage or publisher metadata identifying who operates 182.43.87.39. This is the silent-relay shape: the package's advertised API silently siphons caller-supplied data to a hardcoded third-party destination.