AI Security Review
scanned 1h ago · by lpm-firewall-aiThe package runs a `prepare` lifecycle payload in applicable npm install/pack and repository workflows. It harvests environment variables and GitHub Actions OIDC credentials, then transmits them to an external ngrok host.
Static reason
No blocking static signals were detected.
Trigger
npm execution of the `prepare` lifecycle script
Impact
Exposure of CI secrets, cloud identity tokens, and host metadata to a third party.
Mechanism
environment and CI OIDC-token harvesting with HTTPS exfiltration
Attack narrative
The `prepare` inline Node payload builds a record containing host metadata and all environment variables, then POSTs it to an unrelated ngrok endpoint. In GitHub Actions, it additionally calls the runner-provided OIDC token endpoint with `ACTIONS_ID_TOKEN_REQUEST_TOKEN`, captures the OIDC response, and exfiltrates it with the environment data. Errors are deliberately ignored.
Rationale
Direct inspection confirms a credential-harvesting lifecycle payload with external exfiltration and no legitimate package implementation. This is concrete malicious behavior, not a scanner-only inference.
Evidence
package.json
Network endpoints1
crabbing-thong-overhung.ngrok-free.dev/?cross_os_cloud=1
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `package.json` defines a `prepare` lifecycle command.
- The command collects platform, hostname, username, and the full `process.env`.
- It POSTs collected data to `crabbing-thong-overhung.ngrok-free.dev`.
- When GitHub Actions OIDC variables exist, it requests an OIDC token using the runner bearer token and exfiltrates the response.
- `|| true` suppresses lifecycle failure after attempted exfiltration.
Evidence against
- Package contains only `package.json`; no legitimate package functionality is present.
Behavioral surface
NoLicense
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•Published source reference
High
Suspicious Lifecycle Evidence
`package.json` defines a `prepare` lifecycle command.
package.jsonView on unpkgFindings
5 High3 Low
HighSuspicious Lifecycle Evidencepackage.json
HighAi Review Evidence
HighAi Review Evidence
HighAi Review Evidence
HighSuspicious Lifecycle Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowNo License