
debugcli@4.3.6

A tiny, fast debugging utility

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package executes a postinstall credential stealer. It harvests environment variables, local credential files, and browser wallet extension storage, then exfiltrates them to Telegram.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs package.json postinstall: node install.js
Impact
Compromise of npm/cloud/API credentials, CI secrets, local config secrets, and browser wallet vault data from installer host.
Mechanism
install-time credential and wallet vault exfiltration
Attack narrative
On installation, npm runs install.js. The script acquires a temp lock, collects filtered and complete environment variables, reads common credential/config files and file paths referenced by env vars, locates wallet extension storage, archives wallet data, gzips the collected data, and uploads summaries/documents to Telegram via api.telegram.org.
Rationale
Direct source inspection confirms unconsented install-time credential, file, and wallet data exfiltration to a Telegram bot, unrelated to the package's advertised debug utility behavior. This is concrete malicious behavior reachable from the lifecycle hook.
Evidence
  • Files: package.json, install.js, index.js
  • Lock file: /tmp/.dbc_lk
  • Credential/config paths read: ~/.aws/credentials, ~/.aws/config, ~/.npmrc, ./.npmrc, ~/.gitconfig, ~/.git-credentials, ~/.kube/config, ~/.config/gcloud/application_default_credentials.json, ~/.docker/config.json, ~/.ssh/config, ~/.pypirc, ~/.netrc
Network endpoints (2)
  • api.telegram.org/bot8938396680:AAHDBH2TBImMLhCi0eCM8UN0GOKw0RMVRmk/sendMessage
  • api.telegram.org/bot8938396680:AAHDBH2TBImMLhCi0eCM8UN0GOKw0RMVRmk/sendDocument

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node install.js, so attack runs during npm install.
  • install.js embeds Telegram bot token/chat id and posts to api.telegram.org.
  • install.js collects secret-like env vars and then includes env_all with every environment variable in a gzipped JSON document.
  • install.js reads credential files including .npmrc, .git-credentials, kube config, gcloud, docker, .netrc, and env-pointed credential files.
  • install.js searches Chrome extension storage for MetaMask/Trust Wallet and archives vault directories with tar or PowerShell Compress-Archive.
  • install.js uses a /tmp .dbc_lk cooldown lock to limit repeated reporting from the same host.
Evidence against
  • index.js only re-exports the legitimate debug dependency.
  • No evidence of destructive file deletion beyond temporary archive cleanup.
Behavioral surface
  • Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
  • Supply chain: HighEntropyStrings
  • Manifest: No manifest risk signals triggered.
scanned 2 file(s), 12.0 KB of source

Source & flagged code

6 flagged
package.json
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
install.js
L6:  // ─── IMPORTS (built-ins only, zero extra deps) ────────────────────────────────
L7:  const https = require('https');
L8:  const fs = require('fs');
...
L12: const zlib = require('zlib');
L13: const { execSync } = require('child_process');
L14:
L15: const PLATFORM = process.platform;
L16: const HOME = os.homedir();
L17: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS ||
L18:                 process.env.GITLAB_CI || process.env.CIRCLECI || ...
L46:   /TOKEN/i, /SECRET/i, /PASSWORD/i, /PASSWD/i, /CREDENTIAL/i,
L47:   /API_KEY/i, /APIKEY/i, /AUTH/i, /PRIVATE/i,
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

install.js · L6
Trigger-reachable chain: scripts.postinstall -> install.js
L6:  // ─── IMPORTS (built-ins only, zero extra deps) ────────────────────────────────
L7:  const https = require('https');
L8:  const fs = require('fs');
...
L12: const zlib = require('zlib');
L13: const { execSync } = require('child_process');
L14:
L15: const PLATFORM = process.platform;
L16: const HOME = os.homedir();
L17: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS ||
L18:                 process.env.GITLAB_CI || process.env.CIRCLECI || ...
L46:   /TOKEN/i, /SECRET/i, /PASSWORD/i, /PASSWD/i, /CREDENTIAL/i,
L47:   /API_KEY/i, /APIKEY/i, /AUTH/i, /PRIVATE/i,
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

install.js · L6
L12: const zlib = require('zlib');
L13: const { execSync } = require('child_process');
L14:
High
Child Process

Package source references child process execution.

install.js · L12
L6:  // ─── IMPORTS (built-ins only, zero extra deps) ────────────────────────────────
L7:  const https = require('https');
L8:  const fs = require('fs');
...
L12: const zlib = require('zlib');
L13: const { execSync } = require('child_process');
L14:
...
L16: const HOME = os.homedir();
L17: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS ||
L18:                 process.env.GITLAB_CI || process.env.CIRCLECI ||
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

install.js · L6

Findings

2 Critical · 3 High · 4 Medium · 3 Low
  • Critical: Credential Exfiltration (install.js)
  • Critical: Trigger Reachable Dangerous Capability (install.js)
  • High: Install Time Lifecycle Scripts (package.json)
  • High: Child Process (install.js)
  • High: Same File Env Network Execution (install.js)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Structural Risk Force Deep Review
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings