AI Security Review
scanned 7d ago · by lpm-firewall-aiThe package executes an install-time exfiltration script during preinstall and postinstall. It harvests environment variables, likely flag/secret files, and command output, then sends the data to an external webhook.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- package.json defines preinstall and postinstall hooks: node exfil.js <phase>.
- exfil.js collects matching env vars including secret/token/npm names into result.env_flag.
- exfil.js reads likely flag paths including /flag, /root/flag.txt, local flag.txt, and ../flag.txt.
- exfil.js runs child_process execSync discovery commands including id, hostname, find / '*flag*', cat /flag*, and env grep token.
- exfil.js sends collected host, cwd, user, env, file, and command output to webhook.site via POST and fallback GET.
- index.js is empty, so install-time exfiltration is the meaningful behavior.
- No obfuscation or persistence found in inspected files.
- No benign package functionality found that would justify credential/file/command-output collection.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource appears to send environment or credential material to an external endpoint.
exfil.jsView on unpkg · L1Source executes local commands and sends command output to an external endpoint.
exfil.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
exfil.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
exfil.jsView on unpkg · L1