AI Security Review
scanned 15d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package exposes notification helpers that send caller-provided messages via Lark/Telegram and has a nonessential postinstall command.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; runtime API calls occur when consumer invokes exported functions
Impact
Install may run bun outdated; runtime can send messages or upload caller-selected images using configured bot credentials
Mechanism
Lark/Telegram messaging wrapper with documented environment credentials
Rationale
Static source inspection shows package-aligned notifier functionality and a noisy postinstall script, but no concrete credential exfiltration, hidden payload, persistence, destructive action, or unauthorized control-surface mutation. The environment variables are used directly for documented Lark/Telegram message sending.
Evidence
package.jsonREADME.mdlib/index.jslib/lark/index.jslib/lark/helper.jslib/telegram/index.jscaller-supplied filePath in uploadImage
Network endpoints3
api.telegram.org/bot${token}/sendMessagewebhookUrl or process.env.LARK_WEBHOOK_URL@larksuiteoapi/node-sdk API client
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall: bun outdated, an install-time command
- lib/lark/index.js reads LARK_APP_ID/LARK_APP_SECRET/LARK_CHAT_ID/LARK_WEBHOOK_URL/RUN_URL
- lib/telegram/index.js reads TELEGRAM_BOT_TOKEN and TELEGRAM_GROUP_ID
- lib/lark/index.js uploadImage reads caller-supplied filePath
Evidence against
- No obfuscated code, eval, Function, dynamic require/import, child_process, or native binary loading found
- Entrypoints only export Lark/Telegram notification helpers from lib/index.js
- Network use is user-invoked notifier behavior to Telegram, Lark SDK, or caller/env-provided webhook
- No credential harvesting beyond documented service credentials used for API calls
- No persistence, destructive runtime behavior, AI-agent control writes, or package prompt manipulation found
- README documents required Lark and Telegram environment variables
Behavioral surface
EnvironmentVarsFilesystemNetwork
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = bun outdated
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = bun outdated
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowNo License