AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- `tailcale/instalar_ssh_servidor.ps1` embeds a private SSH key and writes it into the current user's `.ssh` directory.
- The same script installs its public key as `.ssh/authorized_keys`, granting `edwin@EDWIN` SSH access.
- It enables and starts `sshd`, opens inbound TCP/22, enables public-key auth, and restarts SSH.
- It embeds a default Tailscale auth key and recommends using it, then runs `tailscale up --auth-key`.
- No npm lifecycle hooks exist; the remote-access changes require explicit PowerShell execution.
Evidence against
- `package.json` has no `scripts`, `bin`, or executable JavaScript entrypoint; its main is `steps.txt`.
- The web-capture Python tools are user-launched and write local session artifacts; no package-owned exfiltration endpoint was found.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 0 B of source