AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a CLI npm wrapper that gates commands behind a documented license check.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs sts CLI command or imports module and calls verify().
Impact
Project token/licenseKey are sent to the vendor license endpoint when the user invokes protected CLI actions.
Mechanism
license verification plus npm/node command wrapper
Rationale
The suspicious primitives are package-aligned: documented license verification and user-invoked npm/node command wrapping. There is no install-time execution, stealth persistence, destructive behavior, remote payload execution, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonREADME.mdbin/sts.js
Network endpoints1
studio.althar.dev/api/access/verify
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with medium false-positive risk.
Evidence for block
- bin/sts.js reads token/licenseKey from the caller project's package.json and sends them to studio.althar.dev for license verification.
- bin/sts.js uses child_process spawn to invoke npm or node for user-requested CLI/script commands.
- bin/sts.js exported verify() uses execSync to run a node -e HTTPS verification helper, but URL is constructed from local license fields.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks.
- Network access is limited to documented license verification endpoint in README.md and bin/sts.js.
- No code writes files, mutates agent/tool configuration, installs persistence, loads native binaries, or fetches remote executable payloads.
- CLI command execution is user-invoked and routes to npm/node with inherited stdio; no captured command output is exfiltrated.
- Only package files present are package.json, README.md, and bin/sts.js.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
3 flagged · loading sourcebin/sts.jsView file
2L3: const { spawn } = require('child_process');
L4: const fs = require('fs');
High
199try {
L200: const url = `https://studio.althar.dev/api/access/verify?key=${encodeURIComponent(licenseKey)}&token=${encodeURIComponent(token)}`;
L201: const script = `const https = require('https'); const readline = require('readline'); const spinnerFrames = ['-', '\\\\', '|', '/']; let frameIndex = 0; let spinnerInterval = null;...
L202: const responseText = require('child_process').execSync(`"${process.execPath}" -e "${script.replace(/\r?\n/g, ' ')}"`, { encoding: 'utf8', stdio: ['pipe', 'pipe', 'inherit'] });
L203:
High
Command Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/sts.jsView on unpkg · L1992L3: const { spawn } = require('child_process');
L4: const fs = require('fs');
L5: const path = require('path');
L6: const https = require('https');
L7: const readline = require('readline');
...
L49: try {
L50: const pkgPath = path.join(process.cwd(), 'package.json');
L51: if (fs.existsSync(pkgPath)) {
L52: const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
L53: if (pkg.scripts && firstArg in pkg.scripts) {
...
L99:
High
Sandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/sts.jsView on unpkg · L2Findings
3 High2 Medium3 Low
HighChild Processbin/sts.js
HighCommand Output Exfiltrationbin/sts.js
HighSandbox Evasion Gated Capabilitybin/sts.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings