AI Security Review
scanned 4d ago · by lpm-firewall-ai
This package is a bulk email/phishing campaign toolkit with built-in scanner-evasion attachment formats and webmail automation. The confirmed risk is user-invoked abuse capability, plus install-time shim creation on Windows.
Decision evidence
public snapshot
- package.json describes an "Advanced email sender" with red-team/smtp keywords and exposes obfuscated CLI entrypoint .ad/x0.js.
- templates/functions.txt documents bulk campaign sending, OAuth SMTP tokens, contact extraction, DKIM key generation, direct MX, raw SMTP, and turbo parallel sending.
- templates/functions.txt explicitly documents gateway-scanner evasion: obfuscated HTML redirects, .url shortcuts, and SVG xlink URL hiding.
- src/web-panel/ws.js injects a webmail panel into Gmail/Outlook/Yahoo and programmatically composes and clicks Send for target lists.
- .ad files are heavily obfuscated despite source package distribution, hiding high-risk SMTP/crawler/phishing functionality.
- scripts/postinstall.js runs at install time and writes a Windows nolimit.cmd shim into the npm global prefix.
- postinstall.js only runs on win32 and appears limited to creating the declared CLI shim.
- No evidence found of install-time credential harvesting or immediate exfiltration.
- Network activity appears tied to user-invoked sender/crawler/favicon features rather than automatic import-time beaconing.
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks. (src/web-panel/ws.js, L269)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (scripts/postinstall.js)
- Source fingerprint signature matches a known malicious package signature; route for source-aware review. (scripts/postinstall.js)