
nolimit-agent@1.0.316

Advanced email sender

AI Security Review

scanned 4d ago · by lpm-firewall-ai

The package is a phishing/spam automation toolkit rather than a silent install-time stealer. It provides bulk email/SMS sending, webmail automation, contact extraction, proxy/direct-MX routing, spoof-like sender generation, and attachment/link obfuscation features.

Static reason
High-risk behavior combination matched malicious policy; source matched previously finalized malicious package (routed for review); source fingerprint signature matched known malicious package (routed for review)
Trigger
User runs the nolimit CLI, especially send, web, contacts, auth, or dkim commands; postinstall only creates a Windows shim.
Impact
Can automate abusive email/SMS campaigns, extract contacts from configured mailboxes, spoof sender presentation, and route delivery through proxies/direct MX; no confirmed silent compromise on install.
Mechanism
dangerous user-invoked messaging and webmail automation toolkit
Attack narrative
When invoked, the CLI can load recipient and SMTP credentials from workspace files, generate spoof-like sender identities and DKIM keys, use proxies/direct MX, transform attachments, and send campaigns. Its web mode writes a Chrome extension and injects a panel into active webmail pages to compose and send messages to loaded targets. These are explicit user-invoked capabilities, not silent install-time execution.
Rationale
Source inspection confirms substantial abusive email/phishing automation capability, but the install hook is limited to a Windows bin shim and I did not find silent credential harvesting or exfiltration to an attacker endpoint. Treat as dangerous dual-use/abuseware and warn rather than publish-block as malware.
Evidence
  • package.json
  • scripts/postinstall.js
  • .ad/x0.js
  • .ad/web-command.js
  • .ad/from-generator.js
  • .ad/socks-loader.js
  • src/web-panel/ws.js
  • templates/functions.txt
  • templates/config.json
  • templates/socks.txt
  • phonebook/config.json
  • nolimit.cmd
  • ~/.nolimit-ext/manifest.json
  • ~/.nolimit-ext/background.js
  • dkim_keys/<domain>.pem
  • dkim_keys/.dkim-state.json
  • extracted/
Network endpoints (7)
  • ws://localhost:9227
  • smtp.gmail.com
  • smtp-mail.outlook.com
  • smtp.office365.com
  • smtp.sendgrid.net
  • www.google.com/s2/favicons
  • t1.gstatic.com/faviconV2

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json main/bin points to heavily obfuscated .ad/x0.js and includes many obfuscated .ad modules
  • templates/functions.txt documents bulk campaign commands: send, auth, contacts extraction, sort, validate, dkim
  • templates/functions.txt and .ad/from-generator.js implement spoof-like sender generation, thread prefixes, QR links, direct_mx, proxy, DKIM, and attachment transformations
  • src/web-panel/ws.js injects a panel into Gmail/Outlook/Yahoo tabs and clicks compose/send for target lists
  • .ad/web-command.js creates a Chrome extension under the user's home directory and injects panel code into webmail tabs via localhost WebSocket
  • package code references contact extraction/output, SMTP credentials, OAuth tokens, SOCKS proxies, direct MX sending, and DKIM key files
Evidence against
  • scripts/postinstall.js only runs on win32 to create nolimit.cmd shim for .ad/x0.js; no install-time credential or network exfiltration found
  • No hardcoded exfiltration webhook or attacker-controlled collection endpoint confirmed in inspected source
  • Network activity is mostly user-invoked email/DNS/favicon/OAuth/webmail automation consistent with the tool's advertised sender function
  • Chrome extension creation and browser injection are activated by the web command rather than npm install/import
Behavioral surface
Source
ChildProcess, Filesystem, Shell
Supply chain
HighEntropyStrings
Manifest: no manifest risk signals triggered.
scanned 2 file(s), 19.0 KB of source

Source & flagged code

5 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

src/web-panel/ws.js
Line 269 contains invisible/control Unicode U+202A (left-to-right embedding):
const sendBtn = document.querySelector('[data-tooltip="Send <U+202A>(Ctrl-Enter)<U+202C>"]') ||
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

scripts/postinstall.js
matchType = normalized_sha256
matchedPackage = nolimit-agent@1.0.315
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.315
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

matchType = malicious_source_fingerprint_signature
signature = cbd26ae1248ea37f
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = nolimit-agent@1.0.315
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.315
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.


Findings

1 Critical · 3 High · 2 Medium · 4 Low
  • Critical: Trojan Source Unicode (src/web-panel/ws.js)
  • High: Install Time Lifecycle Scripts (package.json)
  • High: Known Malware Source Similarity (scripts/postinstall.js)
  • High: Known Malware Source Fingerprint Signature (scripts/postinstall.js)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Structural Risk Force Deep Review
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: High Entropy Strings