AI Security Review
scanned 4d ago · by lpm-firewall-ai

The package is a bulk email/phishing automation toolkit with scanner-evasion features and browser webmail automation. Its CLI/extension path can inject code into webmail tabs and send configured campaigns to target lists.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install for shim creation; user runs nolimit CLI/web commands to activate campaign or webmail automation
Impact
Enables deceptive email campaigns, link/attachment scanner bypass, and automated sending from logged-in webmail sessions.
Mechanism
phishing kit with email sending, attachment/link evasion, and Chrome webmail injection
Attack narrative
After installation, the package exposes an obfuscated CLI. Its documented workflow loads SMTP/webmail targets and templates, generates evasive email/attachment variants, and can build a Chrome extension that connects to a local WebSocket bridge, injects the web panel into an open webmail tab, fills recipients/subject/body, and clicks Send repeatedly.
Rationale
Static inspection shows concrete phishing and evasion functionality, not just generic email sending: scanner-hiding redirects, shortcut/SVG click-through attachments, HTML fingerprint evasion, and automated webmail injection/sending. This is dangerous capability packaged as a red-team sender and should be blocked upstream.
Evidence
- package.json
- scripts/postinstall.js
- src/web-panel/ws.js
- .ad/web-command.js
- .ad/xj.js
- templates/functions.txt
- templates/config.json
- scripts/postinstall.js writes nolimit.cmd on the Windows global npm prefix
- .ad/web-command.js writes Chrome extension files under the user's home directory
Network endpoints (2)
- ws://localhost:9227
- 127.0.0.1:9227
Decision evidence
public snapshot
AI called this Malicious at 93.0% confidence as Malware with low false-positive risk.
Evidence for block
- package.json exposes obfuscated .ad/x0.js as main/bin and includes postinstall lifecycle.
- templates/functions.txt documents phishing/evasion features: obfuscated redirects, gateway-scanner hiding, .url attachments, SVG click-through links.
- src/web-panel/ws.js injects a panel into webmail pages and auto-fills/clicks Send for Gmail/Outlook/Yahoo targets.
- .ad/web-command.js builds a Chrome extension with all-URL host permissions and injects src/web-panel/ws.js into active webmail tabs over ws://localhost:9227.
- .ad/xj.js implements HTML fingerprint evasion by randomizing comments, CSS, attributes, entities, case, and data attributes.
- scripts/postinstall.js writes a Windows global nolimit.cmd shim at install time.
Evidence against
- postinstall behavior is limited to Windows bin shim creation and does not itself exfiltrate data.
- No hardcoded credential exfiltration endpoint was confirmed in inspected source.
- Templates/config files contain placeholders rather than embedded secrets.
Behavioral surface
- ChildProcess
- Filesystem
- Shell
- HighEntropyStrings
Source & flagged code
3 flagged

package.json
• scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

package.json
• scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.

src/web-panel/ws.js, line 269: contains invisible/control Unicode U+202A (left-to-right embedding)
const sendBtn = document.querySelector('[data-tooltip="Send <U+202A>(Ctrl-Enter)<U+202C>"]') ||
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
Caveat: this selector targets Gmail's Send button, whose data-tooltip text in the live page wraps the keyboard shortcut in U+202A/U+202C, so the characters are what makes the selector match rather than a disguise for hidden code; the rule fires on their presence regardless of purpose. The Malicious verdict above rests on the phishing and evasion functionality documented in the evidence, not on this finding alone.

Findings
1 Critical · 1 High · 2 Medium · 4 Low
- Critical: Trojan Source Unicode (src/web-panel/ws.js)
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Structural Risk Force Deep Review
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings
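The two static checks behind the High and Critical findings above, reimplemented as an added example in Node.js (editorial example code, not lpm-firewall-ai's scanner and not code from the package): it lists install-time lifecycle scripts in a package.json object, the ones npm runs automatically when the package is installed as a dependency, and reports every bidi/invisible Unicode code point in a source file with its line and column, rendering the flagged line with visible escapes the way the report does. The sample package.json object and the ws.js lines are constructed from the evidence on this page, not the real files; the function names are the example's own.

```javascript
// Added example (not lpm-firewall-ai's code, not the package's code): reproduce two of
// the static checks from the report on constructed inputs. Runs offline with Node.js.

// npm runs these scripts automatically during `npm install` of a dependency.
const INSTALL_LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare'];

// Bidi embedding/override/isolate controls and common invisible code points.
// U+202A..U+202E: LRE, RLE, PDF, LRO, RLO; U+2066..U+2069: LRI, RLI, FSI, PDI.
const BIDI_NAMES = {
  0x202a: 'LEFT-TO-RIGHT EMBEDDING', 0x202b: 'RIGHT-TO-LEFT EMBEDDING',
  0x202c: 'POP DIRECTIONAL FORMATTING', 0x202d: 'LEFT-TO-RIGHT OVERRIDE',
  0x202e: 'RIGHT-TO-LEFT OVERRIDE', 0x2066: 'LEFT-TO-RIGHT ISOLATE',
  0x2067: 'RIGHT-TO-LEFT ISOLATE', 0x2068: 'FIRST STRONG ISOLATE',
  0x2069: 'POP DIRECTIONAL ISOLATE', 0x200b: 'ZERO WIDTH SPACE',
  0x200c: 'ZERO WIDTH NON-JOINER', 0x200d: 'ZERO WIDTH JOINER',
  0x200e: 'LEFT-TO-RIGHT MARK', 0x200f: 'RIGHT-TO-LEFT MARK',
  0xfeff: 'ZERO WIDTH NO-BREAK SPACE',
};
const SUSPECT_RE = /[\u200b-\u200f\u202a-\u202e\u2066-\u2069\ufeff]/g;

function toCodepoint(ch) {
  return 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
}

// One finding per install-time lifecycle script present in a parsed package.json.
function installScriptFindings(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_LIFECYCLE
    .filter((name) => typeof scripts[name] === 'string')
    .map((name) => ({
      severity: 'High',
      rule: 'Install Time Lifecycle Scripts',
      detail: `scripts.${name} = ${scripts[name]}`,
    }));
}

// One finding per bidi/invisible character, with 1-based line and column, so a
// reviewer can jump to the exact source line as the report does (ws.js line 269).
function unicodeFindings(file, text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(SUSPECT_RE)) {
      const cp = m[0].codePointAt(0);
      findings.push({
        severity: 'Critical',
        rule: 'Trojan Source Unicode',
        file, line: i + 1, column: m.index + 1,
        codepoint: toCodepoint(m[0]),
        name: BIDI_NAMES[cp] || 'INVISIBLE',
      });
    }
  });
  return findings;
}

// Replace the characters with <U+XXXX> escapes so a flagged line can be shown safely;
// the raw characters are invisible in most terminals and editors.
function renderVisible(line) {
  return line.replace(SUSPECT_RE, (ch) => `<${toCodepoint(ch)}>`);
}

// Constructed sample inputs modelled on the evidence above (not the real package files).
const samplePackageJson = {
  name: 'example-pkg',
  main: '.ad/x0.js',
  scripts: { postinstall: 'node scripts/postinstall.js', test: 'echo ok' },
};
const sampleWsJs = [
  'const panel = document.createElement("div");',
  'const sendBtn = document.querySelector(\'[data-tooltip="Send \u202a(Ctrl-Enter)\u202c"]\') ||',
  '  document.querySelector(\'[aria-label="Send"]\');',
].join('\n');

function scanSample() {
  return {
    install: installScriptFindings(samplePackageJson),
    unicode: unicodeFindings('src/web-panel/ws.js', sampleWsJs),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const r = scanSample();
  for (const f of r.install) console.log(`${f.severity}: ${f.rule}: ${f.detail}`);
  for (const f of r.unicode) {
    console.log(`${f.severity}: ${f.rule}: ${f.file}:${f.line}:${f.column} ${f.codepoint} ${f.name}`);
  }
  console.log(renderVisible(sampleWsJs.split('\n')[1]));
}

if (typeof module !== 'undefined') {
  module.exports = { installScriptFindings, unicodeFindings, renderVisible, scanSample };
}
```

Run it with `node` to print the two findings and the selector line with the embedding characters rendered as escapes. The install-script check is intentionally blind to what the script does: as the "Evidence against" section notes, this package's postinstall only writes a Windows shim, but any install-time script runs with the installing user's privileges before anyone reads the code, which is why the report flags it on presence alone.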