
nolimit-agent@1.0.310

Advanced email sender

AI Security Review

scanned 3d ago · by lpm-firewall-ai

The package is an obfuscated bulk email/red-team toolkit with webmail browser automation and evasion features. Install-time behavior is limited, but user-invoked CLI commands enable abuse-oriented mass messaging and browser-extension injection.

Static reason
High-risk behavior combination matched malicious policy; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm install runs postinstall; user runs nolimit CLI or nolimit web --setup/web
Impact
Can automate unsolicited/deceptive email sending through SMTP accounts or active webmail sessions, with header/evasion features and contact extraction commands.
Mechanism
bulk email/phishing automation with Chrome extension injection
Attack narrative
After installation the package exposes an obfuscated nolimit CLI. User-invoked commands load SMTP/OAuth credentials from local workspace files, send campaigns, extract contacts, generate DKIM material, and can install a local Chrome extension that injects a panel into active webmail pages. The injected panel fills recipient, subject, and body fields and clicks Send across Gmail/Outlook/Yahoo targets.
Rationale
Source inspection shows no confirmed credential exfiltration at install time, but the published package is an obfuscated, abuse-oriented mass-mailing and webmail automation toolkit with explicit red-team/evasion functionality. This is concrete dangerous capability beyond normal package behavior, so it should be blocked despite some user-invoked activation. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
  • package.json
  • scripts/postinstall.js
  • .ad/x0.js
  • .ad/web-command.js
  • src/web-panel/ws.js
  • templates/functions.txt
  • scripts/postinstall.js writes nolimit.cmd on Windows.
  • .ad/web-command.js writes ~/nolimit-ext/manifest.json, background.js, icon.png.
  • .ad/x0.js reads/writes workspace config, smtps.txt, extracted contacts, DKIM files
Network endpoints (5)
  • dns.google/resolve
  • smtp.gmail.com
  • smtp-mail.outlook.com
  • smtp.office365.com
  • smtp.sendgrid.net

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json exposes CLI main .ad/x0.js and postinstall hook
  • scripts/postinstall.js writes a Windows nolimit.cmd shim during install
  • .ad/x0.js is heavily obfuscated and implements bulk email/contact commands
  • .ad/x0.js includes red-team/evasion features: html_smuggling, header_randomization, dkim_spoofing, adaptive_attack_selection
  • .ad/web-command.js creates a Chrome extension under homedir and injects src/web-panel/ws.js into active webmail tabs
  • src/web-panel/ws.js automates Gmail/Outlook/Yahoo compose and send actions for loaded targets
Evidence against
  • postinstall.js only creates a Windows CLI shim and exits on non-Windows
  • No install-time credential harvesting or external exfiltration endpoint confirmed
  • Network use is mostly package-aligned SMTP/OAuth/DNS/webmail behavior
  • Templates contain placeholder content rather than embedded credential theft pages
Behavioral surface
Source: ChildProcess, Filesystem, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 19.0 KB of source

Source & flagged code

5 flagged

package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

src/web-panel/ws.js
line 269: contains invisible/control Unicode U+202A (left-to-right embedding)
const sendBtn = document.querySelector('[data-tooltip="Send <U+202A>(Ctrl-Enter)<U+202C>"]') ||
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

scripts/postinstall.js
matchType = normalized_sha256
matchedPackage = nolimit-agent@1.0.308
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.308
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

scripts/postinstall.js
matchType = malicious_source_fingerprint_signature
signature = cbd26ae1248ea37f
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = nolimit-agent@1.0.308
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.308
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

Findings

1 Critical · 3 High · 2 Medium · 4 Low
  • Critical: Trojan Source Unicode (src/web-panel/ws.js)
  • High: Install Time Lifecycle Scripts (package.json)
  • High: Known Malware Source Similarity (scripts/postinstall.js)
  • High: Known Malware Source Fingerprint Signature (scripts/postinstall.js)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Structural Risk Force Deep Review
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings