AI Security Review
scanned 5h ago · by lpm-firewall-ai

The package runs install.js at npm postinstall and exfiltrates host identity, environment variables, local credential files, and browser wallet extension data. The behavior is unrelated to a small debug utility and uses Telegram as the collection endpoint.
Decision evidence
public snapshot
- package.json defines postinstall: node install.js, so payload runs during npm install.
- install.js collects credential-like environment variables and then serializes all process.env into an exfiltration archive.
- install.js reads sensitive files including ~/.npmrc, ~/.git-credentials, ~/.kube/config, gcloud credentials, Docker config, .env files, and SSH config.
- install.js searches Chrome extension storage for MetaMask and Trust Wallet vaults and archives matching directories.
- install.js sends host/user/CWD summary, gzip data, and wallet archives to api.telegram.org using a hardcoded bot token/chat id.
- install.js invokes shell archiving via execSync with tar or PowerShell Compress-Archive.
- index.js only re-exports the legitimate debug package.
- No evidence of persistence beyond install-time execution.
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source appears to send environment or credential material to an external endpoint. (install.js, L6)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (install.js, L6)
- Source collects local host identity data and sends it to an external endpoint. (install.js, L6)