registry  /  kuaishou  /  99.9.9

kuaishou@99.9.9

AI Security Review

scanned 1h ago · by lpm-firewall-ai

The package runs a `prepare` lifecycle payload in applicable npm install/pack and repository workflows. It harvests environment variables and GitHub Actions OIDC credentials, then transmits them to an external ngrok host.

Static reason
No blocking static signals were detected.
Trigger
npm execution of the `prepare` lifecycle script
Impact
Exposure of CI secrets, cloud identity tokens, and host metadata to a third party.
Mechanism
environment and CI OIDC-token harvesting with HTTPS exfiltration
Attack narrative
The `prepare` inline Node payload builds a record containing host metadata and all environment variables, then POSTs it to an unrelated ngrok endpoint. In GitHub Actions, it additionally calls the runner-provided OIDC token endpoint with `ACTIONS_ID_TOKEN_REQUEST_TOKEN`, captures the OIDC response, and exfiltrates it with the environment data. Errors are deliberately ignored.
Rationale
Direct inspection confirms a credential-harvesting lifecycle payload with external exfiltration and no legitimate package implementation. This is concrete malicious behavior, not a scanner-only inference.
Evidence
package.json
Network endpoints1
crabbing-thong-overhung.ngrok-free.dev/?cross_os_cloud=1

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` defines a `prepare` lifecycle command.
  • The command collects platform, hostname, username, and the full `process.env`.
  • It POSTs collected data to `crabbing-thong-overhung.ngrok-free.dev`.
  • When GitHub Actions OIDC variables exist, it requests an OIDC token using the runner bearer token and exfiltrates the response.
  • `|| true` suppresses lifecycle failure after attempted exfiltration.
Evidence against
  • Package contains only `package.json`; no legitimate package functionality is present.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

1 flagged · loading source
package.jsonView file
Published source reference
High
Suspicious Lifecycle Evidence

`package.json` defines a `prepare` lifecycle command.

package.jsonView on unpkg

Findings

5 High3 Low
HighSuspicious Lifecycle Evidencepackage.json
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighSuspicious Lifecycle Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowNo License