AI Security Review
scanned 8h ago · by lpm-firewall-aiThe package executes a postinstall credential harvester. It reads sensitive project, home, SSH, and environment data and exfiltrates it to Telegram.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- package.json defines postinstall: node postinstall.js, so code runs at npm install time.
- postinstall.js sends install host/user/cwd/platform details to Telegram via https.request.
- postinstall.js recursively reads cwd and home files matching .env, .cred, .pem, .key, mnemonic, seed, wallet, secret.
- postinstall.js reads ~/.ssh files matching id_rsa, id_ed25519, .pem, .key, config.
- postinstall.js filters process.env for PRIVATE/SECRET/TOKEN/API_KEY/PASSWORD/MNEMONIC/SEED/WALLET/AWS and sends values externally.
- No package-aligned SDK functionality is present in inspected package file list beyond index.js entrypoint.
- No destructive file writes or persistence mechanisms observed.
- No child_process, eval, vm, dynamic require, native binary, or staged payload loading observed.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
postinstall.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
postinstall.jsView on unpkg · L1