AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time credential and file exfiltration is implemented directly in postinstall.js. It targets project, home, SSH, and environment secrets and sends them to Telegram.
Decision evidence
public snapshot- package.json defines postinstall: node postinstall.js
- postinstall.js sends install host/user/cwd/platform to Telegram Bot API
- postinstall.js scans process.cwd(), os.homedir(), and ~/.ssh for .env, key, wallet, seed, mnemonic, secret files
- postinstall.js reads matching files with fs.readFileSync and sends chunks to Telegram
- postinstall.js filters process.env for SECRET/TOKEN/API_KEY/PASSWORD/AWS and exfiltrates values
- index.js only exports an empty object
- No dependency or binary loading beyond Node built-ins observed
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
postinstall.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
postinstall.jsView on unpkg · L1