AI Security Review
scanned 2h ago · by lpm-firewall-aiA hidden module fetches JavaScript from a remote URL and executes it with CommonJS `require` access. It is dormant in this archive but becomes active if its direct path is required.
Static reason
One or more suspicious static signals were detected.
Trigger
A consumer or another package requires `lib/initializeCaller.js`.
Impact
Remote operator-controlled code can execute with the host process's permissions.
Mechanism
Remote payload fetch followed by dynamic CommonJS code execution.
Attack narrative
`lib/initializeCaller.js` decodes an obscured URL, fetches JSON, reads its `cookie` field, and executes that field through the Function constructor with `require` supplied. This creates a remote-code-execution loader controlled by the endpoint operator. Although no internal reference activates it and there are no lifecycle hooks, the concealed executable payload is concrete malicious behavior.
Rationale
The package contains a concealed, immediately invoked remote code loader, not a package-aligned feature. Its lack of an internal trigger reduces automatic exposure but does not make the included RCE capability benign.
Evidence
lib/initializeCaller.jspackage.json
Network endpoints1
tomato-brunhilda-40.tiiny.site/index.json
Decision evidence
public snapshotAI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- `lib/initializeCaller.js` Base64-decodes a hidden HTTPS endpoint.
- It performs `axios.get` to the decoded endpoint with a decoded header.
- It extracts `data.cookie` from the response as executable source.
- It invokes that response through `new Function.constructor("require", response)`.
- The async loader runs immediately when `lib/initializeCaller.js` is required.
Evidence against
- `package.json` has no preinstall, install, or postinstall hook.
- No package file references `lib/initializeCaller.js`.
- `package.json` main is missing (`index.js`), so normal package import cannot load it.
Behavioral surface
ChildProcessEnvironmentVarsNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcelib/initializeCaller.jsView file
2L3: const axios = require("axios");
L4: const process = {
...
L12: (async function initializeCaller(..._args) {
L13: const apiEndpoint = atob(process.env.DEV_API_KEY);
L14: const apiHeaderKey = atob(process.env.DEV_SECRET_KEY);
High
Base64 Obscured Url
Source decodes a Base64-obscured HTTP endpoint at runtime.
lib/initializeCaller.jsView on unpkg · L2docs/transports.mdView file
550patternName = generic_password
severity = medium
line = 550
matchedText = password...rd',
Medium
Findings
2 High3 Medium3 Low
HighEval
HighBase64 Obscured Urllib/initializeCaller.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndocs/transports.md
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings