AI Security Review
scanned 8h ago · by lpm-firewall-aiAutomatic postinstall credential harvesting and exfiltration. The package has no meaningful runtime SDK behavior to justify this access.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- package.json defines install-time postinstall: node postinstall.js
- postinstall.js hardcodes Telegram bot token/chat id and POSTs to api.telegram.org
- postinstall.js sends hostname, username, cwd, and platform on install
- postinstall.js scans process.cwd(), os.homedir(), and ~/.ssh for .env, key, mnemonic, seed, wallet, secret files
- postinstall.js reads matching files and sends their contents in chunks
- postinstall.js filters process.env for PRIVATE/SECRET/TOKEN/API_KEY/PASSWORD/MNEMONIC/SEED/WALLET/AWS vars and sends values
- index.js only exports an empty object
- No legitimate SDK functionality observed in package files
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
postinstall.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
postinstall.jsView on unpkg · L1