AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time credential and file exfiltration via npm postinstall. The package has an empty runtime entrypoint and a malicious installer that harvests secrets.
Decision evidence
public snapshot- package.json defines install-time hook: postinstall runs node postinstall.js.
- postinstall.js sends install host/user/cwd/platform data to Telegram during installation.
- postinstall.js recursively reads sensitive files from process.cwd(), os.homedir(), and ~/.ssh.
- postinstall.js filters process.env for SECRET/TOKEN/API_KEY/PASSWORD/AWS and sends values externally.
- index.js is empty, offering no legitimate SDK behavior to justify the install hook.
- No destructive file writes or persistence found.
- No child_process, eval, dynamic require, or native binary loading found.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
postinstall.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
postinstall.jsView on unpkg · L1