registry  /  debugcli  /  4.3.9

debugcli@4.3.9

A tiny, fast debugging utility

AI Security Review

scanned 1h ago · by lpm-firewall-ai

The package performs install-time credential and wallet theft. It harvests environment variables, developer/cloud credential files, and Chrome wallet extension storage, then sends them to Telegram.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install of debugcli@4.3.9 via package.json postinstall
Impact
Disclosure of secrets, npm/git/cloud/container/Kubernetes credentials, complete environment variables, and browser wallet extension data from the install host.
Mechanism
unconsented postinstall credential exfiltration
Attack narrative
During npm postinstall, install.js avoids sandbox-like hosts, takes a temp lock, decodes Telegram bot credentials using registry metadata, gathers secrets from process.env and common credential files, discovers Chrome MetaMask/Trust Wallet extension storage, compresses the stolen data, sends it to Telegram, and attempts to delete itself.
Rationale
Direct source inspection confirms deliberate unconsented install-time secret harvesting and exfiltration unrelated to the advertised debug wrapper. The sandbox evasion and self-deletion further support malicious intent.
Evidence
package.jsoninstall.jsindex.js~/.aws/credentials~/.aws/config~/.npmrc.npmrc~/.gitconfig~/.git-credentials~/.kube/config~/.config/gcloud/application_default_credentials.json~/.docker/config.json~/.ssh/config~/.pypirc~/.netrc
Network endpoints2
registry.npmjs.orgapi.telegram.org

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-6790
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in debugcli (npm)
Details
The OpenSSF Package Analysis project identified 'debugcli' @ 4.3.9 (npm) as malicious. It is considered malicious because: - The package communicates with a domain associated with malicious activity.
References

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json runs postinstall: node install.js
  • install.js has sandbox checks and a per-host temp lock before execution
  • install.js collects sensitive env vars and then env_all from process.env
  • install.js reads credential files such as .aws, .npmrc, .git-credentials, kube, gcloud, docker, ssh, .pypirc, .netrc
  • install.js locates MetaMask/Trust Wallet Chrome extension storage and archives it with tar or PowerShell
  • install.js exfiltrates summaries, gzipped data, and wallet archives to api.telegram.org
Evidence against
  • index.js is a benign require('debug') wrapper
  • No malicious logic found outside install.js
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 12.6 KB of source

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
8const zlib = require('zlib'); L9: const { execSync } = require('child_process'); L10:
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L8
2L3: const https = require('https'); L4: const fs = require('fs'); ... L8: const zlib = require('zlib'); L9: const { execSync } = require('child_process'); L10: ... L12: const HOME = os.homedir(); L13: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS || L14: process.env.GITLAB_CI || process.env.CIRCLECI ||
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

install.jsView on unpkg · L2
2L3: const https = require('https'); L4: const fs = require('fs'); ... L8: const zlib = require('zlib'); L9: const { execSync } = require('child_process'); L10: L11: const PLATFORM = process.platform; L12: const HOME = os.homedir(); L13: const IS_CI = !!(process.env.CI || process.env.GITHUB_ACTIONS || L14: process.env.GITLAB_CI || process.env.CIRCLECI || ... L61: return new Promise(resolve => { L62: const fallback = Buffer.from('lodash@4.17.21');
Low
Weak Crypto

Package source references weak cryptographic algorithms.

install.jsView on unpkg · L2

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighSame File Env Network Executioninstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptoinstall.js
LowFilesystem