
debugcli@4.3.4

A tiny, fast debugging utility

AI Security Review

scanned 5h ago · by lpm-firewall-ai

The package runs install.js at npm postinstall and exfiltrates host identity, environment variables, local credential files, and browser wallet extension data. The behavior is unrelated to a small debug utility and uses Telegram as the collection endpoint.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install of debugcli@4.3.4
Impact
Disclosure of tokens, passwords, cloud credentials, npm/Git/Kubernetes/Docker credentials, .env contents, and cryptocurrency wallet extension data.
Mechanism
install-time credential and wallet data exfiltration
Attack narrative
On installation, npm executes install.js. The script fingerprints the host, filters environment variables for credential-like names and also captures the full set, reads common credential/config files and .env files, discovers MetaMask and Trust Wallet Chrome extension storage, archives the wallet directories, then sends summaries and compressed archives to a hardcoded Telegram bot endpoint.
Rationale
Direct source inspection confirms postinstall credential, file, and wallet collection with network exfiltration to Telegram. This is concrete malicious behavior that has nothing to do with debugcli's advertised debug-wrapper functionality.
Evidence
  • package.json
  • install.js
  • index.js
  • ~/.aws/credentials
  • ~/.aws/config
  • ~/.npmrc
  • ./.npmrc
  • ~/.gitconfig
  • ~/.git-credentials
  • ~/.kube/config
  • ~/.config/gcloud/application_default_credentials.json
  • ~/.docker/config.json
  • ~/.ssh/config
  • ~/.pypirc
  • ~/.netrc
  • .env
Network endpoints (1)
api.telegram.org

Decision evidence

public snapshot
AI classified this package as Malicious (Malware) at 99.0% confidence, with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js, so payload runs during npm install.
  • install.js collects credential-like environment variables and then serializes all process.env into an exfiltration archive.
  • install.js reads sensitive files including ~/.npmrc, ~/.git-credentials, ~/.kube/config, gcloud credentials, Docker config, .env files, and SSH config.
  • install.js searches Chrome extension storage for MetaMask and Trust Wallet vaults and archives matching directories.
  • install.js sends host/user/CWD summary, gzip data, and wallet archives to api.telegram.org using a hardcoded bot token/chat id.
  • install.js invokes shell archiving via execSync with tar or PowerShell Compress-Archive.
Evidence against
  • index.js only re-exports the legitimate debug package.
  • No evidence of persistence beyond install-time execution.
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain
HighEntropyStrings
Manifest
No manifest risk signals triggered.
scanned 2 file(s), 8.92 KB of source

Source & flagged code

5 flagged
package.json
    scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

Location: package.json
    scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

Location: package.json
install.js
    L6:  // ─── IMPORTS (built-ins only, zero extra deps) ────────────────────────────────
    L7:  const https = require('https');
    L8:  const fs = require('fs');
    ...
    L12: const zlib = require('zlib');
    L13: const { execSync } = require('child_process');
    L14:
    L15: const PLATFORM = process.platform; // 'win32' | 'linux' | 'darwin'
    L16: const HOME = os.homedir();
    L17: ...
    L20: /TOKEN/i, /SECRET/i, /PASSWORD/i, /PASSWD/i, /CREDENTIAL/i,
    L21: /API_KEY/i, /APIKEY/i, /AUTH/i, /PRIVATE/i,
    L22: /^AWS_/, /^GITHUB_/, /^NPM_/, /^GH_/,
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

Location: install.js, line 6
Trigger-reachable chain: scripts.postinstall -> install.js (same install.js excerpt, lines 6-22, as shown above)
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

Location: install.js, line 6
(same install.js excerpt, lines 6-22, as shown above)
High
Host Fingerprint Exfiltration

Source collects local host identity data and sends it to an external endpoint.

Location: install.js, line 6

Findings

2 Critical · 2 High · 4 Medium · 3 Low
Critical · Credential Exfiltration · install.js
Critical · Trigger Reachable Dangerous Capability · install.js
High · Install Time Lifecycle Scripts · package.json
High · Host Fingerprint Exfiltration · install.js
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings