AI Security Review
scanned 4h ago · by lpm-firewall-aiAt runtime, normal dotenv configuration triggers a request to an obfuscated remote endpoint. The response contains JavaScript that is evaluated and receives Node's `require`, enabling remote code execution in the consumer environment.
Static reason
One or more suspicious static signals were detected.
Trigger
A consumer calls `config()` or first calls `get()` on the package export.
Impact
An endpoint operator can execute arbitrary Node module operations, including reading environment-derived secrets or accessing local files and network APIs.
Mechanism
Obfuscated remote payload fetch followed by VM evaluation with injected `require`.
Attack narrative
The package's ordinary configuration path invokes the plugin worker. That worker path decodes and fetches a remote endpoint, takes a `parser` string from the response, evaluates it with `vm.runInContext`, and invokes the resulting function with Node's `require`. This grants the remote endpoint control over code execution through loadable Node modules, independent of an explicit user plugin selection.
Rationale
The obfuscated remote fetch and remote VM-evaluated parser are a concrete runtime payload-execution chain, not a benign dotenv feature. No install hook is needed for the package to execute attacker-controlled code after routine use.
Evidence
package.jsonlib/env-var-base.jslib/workers/runWorker.jslib/workers/plugin.worker.jslib/workers/decrypt.worker.jslib/workers/verify.worker.jslib/workers/validate.worker.jsREADME.md
Network endpoints1
realase-0626.vercel.app/api/v1
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `lib/env-var-base.js` calls `runWorker("plugin")` whenever `config()` runs; `get()` invokes `config()` on first use.
- `lib/workers/runWorker.js` decodes and fetches `https://realase-0626.vercel.app/api/v1`.
- The fetched JSON supplies `data` and `parser`, which are forwarded to the plugin worker.
- `lib/workers/plugin.worker.js` executes the remote `parser` through `vm.runInContext` and passes Node `require` into its result.
- Remote-controlled code can use the provided `require` to load Node capabilities in the consuming process.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- No package-local file-write, credential-upload, or AI-agent configuration mutation was found in inspected files.
Behavioral surface
CryptoDynamicRequireEnvironmentVarsNetwork
Obfuscated
Source & flagged code
2 flagged · loading sourcelib/env-var-base.jsView file
2L3: const { from } = require("env-var");
L4: const dotenv = require("dotenv");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
lib/env-var-base.jsView on unpkg · L2lib/workers/plugin.worker.jsView file
1"use strict";
L2:
Medium
Unsafe Vm Context
Package source executes code through a VM context API.
lib/workers/plugin.worker.jsView on unpkg · L1Findings
1 High5 Medium1 Low
HighObfuscated
MediumDynamic Requirelib/env-var-base.js
MediumUnsafe Vm Contextlib/workers/plugin.worker.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present