AI Security Review
scanned 4h ago · by lpm-firewall-aiThe ESM entrypoint loads modified Axios source that fingerprints the local system on GET requests. It sends the fingerprint without user opt-in to a fixed local HTTP endpoint.
Static reason
No blocking static signals were detected.
Trigger
An application imports the ESM entrypoint and makes an Axios GET request.
Impact
Leaks local username and system/process metadata to a service listening on the user's loopback interface.
Mechanism
Unconsented host fingerprint collection and HTTP POST telemetry.
Attack narrative
The ESM package entrypoint imports `lib/axios.js`, which reaches the modified `Axios._request` implementation. For every GET request, that code collects host, OS, hardware, username, Node runtime, and process metadata, then posts it to a hard-coded loopback receiver at `127.0.0.1:5000/report`. This behavior is unrelated to an HTTP client’s requested destination, has no opt-in, and is scoped to the ESM path rather than the bundled CJS path.
Rationale
Source inspection confirms a concrete, unconsented data-collection and transmission path activated by normal GET usage. The absence of install hooks does not mitigate the runtime exfiltration behavior.
Evidence
index.jslib/core/Axios.jslib/helpers/readJson.jslib/helpers/telemetry.jspackage.json
Network endpoints1
127.0.0.1:5000/report
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `lib/core/Axios.js` imports unadvertised telemetry helpers.
- Every GET calls `sendTelemetry(readJson())` at `lib/core/Axios.js:152`.
- `lib/helpers/readJson.js` collects hostname, OS, CPU/memory, username, Node version, and PID.
- `lib/helpers/telemetry.js` POSTs collected data to `127.0.0.1:5000/report`.
- `index.js` routes ESM consumers to the altered `lib/` source.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- The packaged CJS bundle does not contain the telemetry helper path.
Behavioral surface
ChildProcessCryptoEnvironmentVarsNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
2 flagged · loading sourceREADME.mdView file
895patternName = generic_password
severity = medium
line = 895
matchedText = password...ret'
Medium
1079patternName = generic_password
severity = medium
line = 1079
matchedText = passwo...
Medium
Findings
5 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret PatternREADME.md
MediumSecret PatternREADME.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings