AI Security Review
scanned 2h ago · by lpm-firewall-ai
The package has an install-time callback that reports CI and host identifiers to a researcher-controlled endpoint. This is concrete unconsented lifecycle telemetry for dependency-confusion detection.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install / postinstall lifecycle
Impact
CI/project attribution and host metadata are exfiltrated when the package is installed
Mechanism
install-time HTTPS beacon with CI metadata
Attack narrative
On installation, npm runs postinstall.js. The script builds query parameters from npm and CI environment identifiers plus os.hostname(), then sends them to a testingboxes.com callback URL and suppresses errors so install succeeds.
Rationale
Source inspection confirms an unconsented postinstall network beacon that transmits CI/project and host identifiers, matching a dependency-confusion canary rather than inert placeholder code. No broader malware behaviors were found, but install-time exfiltration is enough to block.
Evidence
package.json, postinstall.js, README.md
Network endpoints: 1
poc-luminary-npm-1782987043.testingboxes.com/cb/5457161feaa0f110e5790adead3a652e0a2f40773c6cfb40
Decision evidence
Public snapshot
AI called this Malicious at 96.0% confidence as Malware with low false-positive risk.
Evidence for block
- package.json runs install-time hook: postinstall -> node postinstall.js
- postinstall.js sends HTTPS GET during install to poc-luminary-npm-1782987043.testingboxes.com
- postinstall.js transmits npm package, user-agent, CI, GitHub repository, runner, SHA, ref, workflow, and hostname
- README/package metadata describe this as a dependency-confusion canary for an internal-looking scope
Evidence against
- postinstall.js does not read arbitrary files or secrets by name
- No persistence, shell execution, destructive behavior, or AI-agent control-surface writes found
- Only package files present are package.json, README.md, and postinstall.js
Behavioral surface
EnvironmentVars, Network, HighEntropyStrings, UrlStrings
Source & flagged code
2 flagged
- package.json: scripts.postinstall = node postinstall.js
  High: Install Time Lifecycle Scripts
  Package defines install-time lifecycle scripts.
- package.json: scripts.postinstall = node postinstall.js
  Medium: Ambiguous Install Lifecycle Script
  Install-time lifecycle script is not statically allowlisted and needs review.
Findings
1 High, 3 Medium, 3 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: High Entropy Strings
- Low: Url Strings