AI Security Review
scanned 2h ago · by lpm-firewall-aiRunning the CLI launches a concealed persistent Electron process that captures another foreground window's image or UI text. It sends that content to ChatGPT through a hidden browser session and displays or types retrieved answers.
Decision evidence
public snapshot- `bin/kalamasha-tool.js` disguises Electron as `SearchFilterHost.exe`, detaches it, and respawns it after termination.
- `main.js` invokes `bin/stealth_capture.ps1` to capture the foreground window and queues its image data.
- `main.js` runs `bin/uia_extract.py` or `bin/uia_extract.exe` to extract text from other foreground windows.
- `main.js` injects captured images/text into a hidden ChatGPT window and retrieves answers.
- `bin/chrome_cookies.ps1` decrypts OpenAI/ChatGPT browser cookies from Chrome, Edge, or Brave.
- `main.js` and launcher contain explicit anti-proctor, stealth, and watchdog behavior.
- `package.json` postinstall only attempts to require Electron and does not invoke the malicious runtime path.
- No non-OpenAI remote endpoint was found in the inspected source.
- The browser-cookie extractor is shipped but has no invocation from the JavaScript entrypoints inspected.
Source & flagged code
9 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
bin/kalamasha-tool.jsView on unpkg · L2Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/kalamasha-tool.jsView on unpkg · L2Package source invokes a package manager install command at runtime.
bin/kalamasha-tool.jsView on unpkg · L67Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/kalamasha-tool.jsView on unpkgPackage ships non-JavaScript build or shell helper files.
bin/chrome_cookies.ps1View on unpkg