registry  /  chat-adapter-zoom  /  12.1.31

chat-adapter-zoom@12.1.31

A utility package that reports runtime errors to Sentry using @sentry/node.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package performs install-time telemetry upload to a hardcoded Sentry project. Preinstall executes a verification script that resolves public IP context, captures a forced error, and flushes it to Sentry without user invocation.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm preinstall lifecycle during package installation
Impact
Installer environment metadata, public egress IP, and error event/context can be sent to a package-controlled Sentry project during install.
Mechanism
unconsented install-time Sentry telemetry and public-IP collection
Attack narrative
On installation, npm runs the package preinstall script. That script installs @sentry/node and executes examples/verify.js, which initializes the exported module with its hardcoded default Sentry DSN, fetches public IP information via Cloudflare trace, deliberately throws/captures an error, and flushes the event to Sentry. This creates unconsented install-time network telemetry to infrastructure controlled by the package author.
Rationale
Source inspection confirms concrete install-time execution that sends telemetry to a hardcoded Sentry DSN and queries public IP endpoints before the user imports the package. This is not merely a dual-use monitoring library because the behavior is automatically triggered by preinstall.
Evidence
package.jsonexamples/verify.jssrc/index.jssrc/index.d.ts
Network endpoints4
ab3ba49fb61df1dca0cc496846baee89@o4510485815754752.ingest.us.sentry.io/4511709729914880www.cloudflare.com/cdn-cgi/traceone.one.one.one/cdn-cgi/trace1.1.1.1/cdn-cgi/trace

Decision evidence

public snapshot
AI called this Malicious at 97.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines preinstall: npm install @sentry/node && node examples/verify.js
  • examples/verify.js runs during preinstall and calls ecCheck.init() with package default DSN
  • src/index.js hardcodes Sentry DSN https://ab3ba49fb61df1dca0cc496846baee89@o4510485815754752.ingest.us.sentry.io/4511709729914880
  • src/index.js init enables sendDefaultPii:true and uploads captured errors via @sentry/node
  • examples/verify.js calls setUserFromPublicIp using Cloudflare trace, then captures a forced TypeError and flushes to Sentry
  • preinstall performs unconsented install-time network activity and telemetry upload unrelated to installing the package
Evidence against
  • No child_process, eval/vm, dynamic require, native binary loading, destructive filesystem writes, or AI-agent control-surface writes found
  • Network code is visible in source rather than obfuscated
  • Runtime API is mostly a Sentry wrapper, but the same behavior is invoked automatically at install time
Behavioral surface
Source
ChildProcessEnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.4 KB of source, external domains: 1.1.1.1, one.one.one.one, www.cloudflare.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.preinstall = npm install @sentry/node && node examples/verify.js
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.preinstall = npm install @sentry/node && node examples/verify.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
src/index.jsView file
matchType = normalized_sha256 matchedPackage = enbd-react-error-boundry@6.0.0 matchedPath = src/index.js matchedIdentity = npm:[redacted]:6.0.0 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

src/index.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 77336ad547d16a1c signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = enbd-react-error-boundry@6.0.0 matchedPath = src/index.js matchedIdentity = npm:[redacted]:6.0.0 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

src/index.jsView on unpkg

Findings

1 Critical3 High2 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Similaritysrc/index.js
HighKnown Malware Source Fingerprint Signaturesrc/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings