registry  /  hablas-tools  /  7.1.3

hablas-tools@7.1.3

AI Security Review

scanned 7h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Network activity is tied to explicit interactive username checking, optional proxy discovery, or user-configured notifications.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the CLI and selects TikTok/WhatsApp checks or proxy/notification settings.
Impact
Performs the advertised username-checking operations and writes local configuration/results/authentication state.
Mechanism
Interactive TikTok page checks, WhatsApp Baileys queries, proxy validation, and opt-in result notifications.
Rationale
The flagged primitives implement the documented interactive username-checking suite, with no install-time execution, credential exfiltration, remote payload execution, or stealth persistence. Static hints reflect expected network/configuration functionality rather than a concrete malicious chain.
Evidence
package.jsonbin/cli.jsshared/config.jstools/tiktok/checker.jstools/tiktok/notify.jstools/tiktok/proxy.jstools/whatsapp/auth.jsdata/config.jsondata/*.txtresults/*auth_info/*
Network endpoints4
www.tiktok.com/@<username>api.proxyscrape.com/v2/proxylist.geonode.com/api/proxy-listapi.telegram.org/bot<user-configured-token>/sendMessage

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `tools/tiktok/checker.js` sends user-selected username checks to TikTok, optionally via proxies.
  • `tools/tiktok/proxy.js` fetches and tests public proxies when chosen from its menu.
  • `tools/tiktok/notify.js` can post availability messages to user-configured Discord/Telegram destinations.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • `bin/cli.js` performs no network activity before interactive authentication and menu selection.
  • `tools/tiktok/notify.js` sends only result text; configured tokens/webhook URLs are not transmitted elsewhere.
  • `shared/config.js` stores configuration locally at `data/config.json`; no harvesting of unrelated files or environment secrets.
  • No child-process, eval/vm/Function, remote code loading, persistence outside package data, or AI-agent control-surface writes found.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 116 KB of source, external domains: api.proxyscrape.com, api.telegram.org, hablas.tech, proxylist.geonode.com, www.tiktok.com

Source & flagged code

2 flagged · loading source
shared/config.jsView file
64patternName = generic_password severity = medium line = 64 matchedText = password...re',
Medium
Secret Pattern

Package contains a possible secret pattern.

shared/config.jsView on unpkg · L64
tools/tiktok/checker.jsView file
matchType = previous_version_dangerous_delta matchedPackage = hablas-tools@7.0.0 matchedIdentity = npm:aGFibGFzLXRvb2xz:7.0.0 similarity = 0.563 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

tools/tiktok/checker.jsView on unpkg

Findings

1 High3 Medium4 Low
HighPrevious Version Dangerous Deltatools/tiktok/checker.js
MediumSecret Patternshared/config.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings