
nolimit-agent@1.0.321

Advanced email sender

AI Security Review

scanned 3d ago · by lpm-firewall-ai

The package is an obfuscated bulk email/red-team tool with contact extraction, OAuth token storage, webmail automation, and link-wrapping capabilities. The highest risk is user-invoked phishing/spam and mailbox contact harvesting rather than silent npm install malware.

Static reason
  • High-risk behavior combination matched malicious policy.
  • Source matched a previously finalized malicious package; routed for review.
  • Source fingerprint signature matched a known malicious package; routed for review.
Trigger
Running the nolimit CLI commands such as auth, extract, send, web, or web --setup
Impact
Can harvest mailbox contacts, store access/refresh tokens locally, automate webmail sends, and prepare phishing-style wrapped links.
Mechanism
bulk email automation with OAuth/IMAP contact extraction and webmail injection
Attack narrative
When invoked, the CLI can authenticate to Microsoft or Google, save OAuth tokens, extract contacts from mailboxes through Graph or IMAP, and use SMTP or injected webmail UI automation to send templated messages to targets. The postinstall script only creates a Windows command shim, so the risky behavior is not confirmed to run silently at install time.
Rationale
Source inspection confirms a high-risk phishing/spam and contact-harvesting tool, but the dangerous behavior appears user-invoked and package-aligned rather than hidden install-time malware. This warrants a warning for dangerous capability, not a publish block for unconsented npm compromise behavior.
Evidence
package.json, scripts/postinstall.js, .ad/x0.js, .ad/x12.js, .ad/x4.js, .ad/web-command.js, .ad/x10.js, src/web-panel/ws.js, smtps.txt, config.json, emails.txt, messages.html, nolimit.key
Network endpoints (4)
api.nolimitent.xyz:4100, graph.microsoft.com, oauth2.googleapis.com/token, dns.google/resolve?name=

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json exposes postinstall and bin .ad/x0.js for an obfuscated bulk email tool.
  • .ad/x0.js implements auth, extract, web, and DKIM-related commands with SMTP/IMAP/OAuth handling.
  • .ad/x12.js requests Microsoft/Google OAuth scopes for Mail.Read, Contacts.Read, People.Read, and offline_access, then saves tokens to smtps.txt.
  • .ad/x12.js extracts contacts from Microsoft Graph and IMAP inbox/sent folders.
  • src/web-panel/ws.js injects a webmail panel that fills recipients, subject/body, and clicks Send in Gmail/Outlook/Yahoo.
  • .ad/x10.js wraps HTML links through redirectors and references interact.sh patterns.
Evidence against
  • scripts/postinstall.js only creates a Windows nolimit.cmd shim and exits on non-Windows.
  • No install-time credential harvesting or exfiltration found in inspected lifecycle script.
  • Network endpoints are tied to license/OAuth/DNS or user-invoked mail/contacts workflows, not hidden install-time C2.
Behavioral surface
Source: ChildProcess, Filesystem, Shell
Supply chain: HighEntropyStrings
Manifest: No manifest risk signals triggered.
scanned 2 file(s), 19.0 KB of source

Source & flagged code

5 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

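The two package.json findings above describe one check: every install-time lifecycle hook is either on a static allowlist or it is "ambiguous" and someone has to read what it runs. The following script is an added example of that check, not code from the registry scanner or from the package. The hook list, the allowlist patterns and the bin name "nolimit" are assumptions; the manifest is constructed from the fields the page reports (package name, version, postinstall command, bin path).

```python
import json
import re

# Hooks npm runs when the package is installed as a dependency (assumption for this
# example; "prepare" also fires for git and local installs).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Commands a reviewer has decided are acceptable without opening the package
# (assumption: a typical native-build allowlist).
ALLOWLIST = [
    re.compile(r"^node-gyp (rebuild|configure)$"),
    re.compile(r"^prebuild-install( \|\| node-gyp rebuild)?$"),
]


def referenced_files(cmd):
    """Package-local script files the hook executes; each one must be read before
    the hook can be trusted (the page's postinstall runs scripts/postinstall.js)."""
    return re.findall(
        r"(?:^|\s)(?:node\s+)?((?:\.?\.?/)?[\w.\-/]+\.(?:js|cjs|mjs|sh))\b", cmd
    )


def classify_lifecycle_scripts(package_json_text):
    """Return one record per script: allowlisted, ambiguous, or not-install-time."""
    pkg = json.loads(package_json_text)
    findings = []
    for hook, cmd in (pkg.get("scripts") or {}).items():
        if hook not in INSTALL_HOOKS:
            findings.append({"hook": hook, "command": cmd, "verdict": "not-install-time"})
            continue
        allowed = any(p.match(cmd.strip()) for p in ALLOWLIST)
        findings.append({
            "hook": hook,
            "command": cmd,
            "verdict": "allowlisted" if allowed else "ambiguous",
            "reads": referenced_files(cmd),
        })
    return findings


def needs_manual_review(findings):
    """True when at least one install-time hook is not statically allowlisted."""
    return any(f["verdict"] == "ambiguous" for f in findings)


# Constructed manifest mirroring what the scanner reported for this version.
PACKAGE_JSON = json.dumps({
    "name": "nolimit-agent",
    "version": "1.0.321",
    "bin": {"nolimit": ".ad/x0.js"},          # bin name assumed
    "scripts": {
        "postinstall": "node scripts/postinstall.js",
        "test": "echo ok",
    },
})

if __name__ == "__main__":
    results = classify_lifecycle_scripts(PACKAGE_JSON)
    for r in results:
        print(r)
    if needs_manual_review(results):
        print("install with --ignore-scripts until the hook files have been read")
```

When the verdict is "ambiguous", the safe default is `npm install --ignore-scripts` (a real npm flag) and a read of every path in `reads` before re-enabling scripts; for this package that is exactly the review that found the Windows shim behaviour described in the Evidence against section.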
src/web-panel/ws.js
Line 269 contains invisible/control Unicode U+202A (left-to-right embedding):
const sendBtn = document.querySelector('[data-tooltip="Send <U+202A>(Ctrl-Enter)<U+202C>"]') ||
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

src/web-panel/ws.js, line 269
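Two details of the flagged line matter to a reviewer: the U+202A (LRE) is closed by a U+202C (PDF) a few characters later, and both sit inside a string literal that is used as a DOM selector. That is a balanced pair, which is also what a UI label copied verbatim looks like; the Trojan Source technique depends on override or unbalanced controls that change how surrounding code is rendered. The scanner below is an added example, not the registry's detector: it reports every format-class character per line and separates balanced pairs from overrides and unbalanced controls. The sample file is constructed; its line 2 is modelled on the published "commenting-out" trick and its line 5 reproduces the flagged selector with the escapes turned back into real characters. The severity rule is an assumption for this example.

```python
import unicodedata

# Bidi controls that open an embedding/override/isolate, mapped to the closer each needs.
OPENERS = {
    "\u202a": "\u202c", "\u202b": "\u202c",   # LRE, RLE -> PDF
    "\u202d": "\u202c", "\u202e": "\u202c",   # LRO, RLO -> PDF
    "\u2066": "\u2069", "\u2067": "\u2069", "\u2068": "\u2069",  # LRI, RLI, FSI -> PDI
}
CLOSERS = {"\u202c", "\u2069"}
OVERRIDES = {"\u202d", "\u202e"}   # the characters that reorder rendered code


def scan_line(line):
    """Return (hits, unbalanced) for one line.

    hits lists (column, codepoint, name) for every format-class (Cf) character, which
    covers the bidi controls plus zero-width and BOM characters. unbalanced is True when
    an embedding/override/isolate is left open or closed out of order on the line.
    """
    hits, stack, unbalanced = [], [], False
    for col, ch in enumerate(line, 1):
        if unicodedata.category(ch) != "Cf":
            continue
        hits.append((col, "U+%04X" % ord(ch), unicodedata.name(ch, "<unnamed>")))
        if ch in OPENERS:
            stack.append(OPENERS[ch])
        elif ch in CLOSERS:
            if stack and stack[-1] == ch:
                stack.pop()
            else:
                unbalanced = True
    return hits, unbalanced or bool(stack)


def scan_source(text):
    """One finding per line carrying Cf characters.

    Severity rule (assumption): an override or an unbalanced control is 'critical',
    because that is what changes the rendered order of code; a balanced pair is 'review',
    because it is also consistent with a copied UI label inside a string literal.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hits, unbalanced = scan_line(line)
        if not hits:
            continue
        has_override = any(ch in OVERRIDES for ch in line)
        findings.append({
            "line": lineno,
            "hits": hits,
            "unbalanced": unbalanced,
            "severity": "critical" if (unbalanced or has_override) else "review",
        })
    return findings


# Constructed sample. Line 2 mimics the Trojan Source commenting-out trick (RLO plus
# isolates inside a comment); line 5 is the selector flagged on the page.
SAMPLE = (
    "function isAdmin(user) {\n"
    "  /* \u202e } \u2066if (user.isAdmin)\u2069 \u2066 begin admins only */\n"
    "  return user.role === 'admin';\n"
    "}\n"
    "const sendBtn = document.querySelector('[data-tooltip=\"Send \u202a(Ctrl-Enter)\u202c\"]') ||\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        where = ", ".join("%s %s @col %d" % (cp, name, col) for col, cp, name in f["hits"])
        print("line %d [%s] %s" % (f["line"], f["severity"], where))
```

Running it on the sample reports line 2 as critical (an RLO and an unclosed isolate) and line 5 as review (a closed LRE/PDF pair). Either way the reviewer still opens line 269 and confirms that nothing outside the quoted selector is affected; the "review" label lowers urgency, it does not clear the file.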
scripts/postinstall.js
matchType = normalized_sha256
matchedPackage = nolimit-agent@1.0.318
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.318
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

matchType = malicious_source_fingerprint_signature
signature = cbd26ae1248ea37f
signatureType = suspicious_hashes
sourceLabel = final_verdict:malicious
matchedPackage = nolimit-agent@1.0.318
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.318
similarity = 1.000
shingleOverlap = 1
summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

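Both High findings point at the same fact: scripts/postinstall.js is byte-for-byte equivalent (similarity 1.000) to the same path in nolimit-agent@1.0.318, a release whose final verdict was malicious. Read together with the Evidence against section, which found that this file only writes a Windows shim, the match inherits the earlier package-level verdict rather than proving the shim itself is harmful; the useful reviewer conclusion is "unchanged file from a flagged release, look at what did change". The block below is an added example of the two matching techniques named in the findings (a normalized source hash and a token-shingle similarity), not the registry's own implementation. The normalization rules, the shingle size and the 0.9 threshold are assumptions, and the three postinstall.js variants are constructed stand-ins that only mimic the shim behaviour the page describes.

```python
import hashlib
import re


def normalize_js(src):
    """Drop block comments and full-line // comments, then collapse whitespace.
    (Assumed rules; only full-line // comments go, so '//' inside URLs survives.)"""
    src = src.replace("\r\n", "\n")
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    src = re.sub(r"(?m)^\s*//.*$", "", src)
    return re.sub(r"\s+", " ", src).strip()


def normalized_sha256(src):
    """Hash of the normalized text: equal hashes mean comment/layout-only differences."""
    return hashlib.sha256(normalize_js(src).encode("utf-8")).hexdigest()


TOKEN = re.compile(r"[A-Za-z_$][\w$]*|\d+|\S")


def shingles(src, k=5):
    """Set of k-token windows over the normalized source."""
    toks = TOKEN.findall(normalize_js(src))
    return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}


def similarity(a, b, k=5):
    """Jaccard similarity of shingle sets; 1.0 means token-identical after normalization."""
    sa, sb = shingles(a, k), shingles(b, k)
    return 1.0 if not (sa or sb) else len(sa & sb) / len(sa | sb)


def match_report(candidate, known, threshold=0.9):
    """Mimic the matchType/similarity fields shown on the registry page."""
    sim = similarity(candidate, known)
    if normalized_sha256(candidate) == normalized_sha256(known):
        match_type = "normalized_sha256"
    elif sim >= threshold:
        match_type = "shingle_similarity"
    else:
        match_type = None
    return {"matchType": match_type, "similarity": round(sim, 3)}


# Constructed stand-ins for a shim-writing postinstall (not the package's real file).
POSTINSTALL_A = """\
// writes a Windows command shim, does nothing elsewhere
const fs = require('fs');
const path = require('path');
if (process.platform !== 'win32') process.exit(0);
const cmd = path.join(__dirname, '..', 'nolimit.cmd');
fs.writeFileSync(cmd, '@node "%~dp0.ad/x0.js" %*');
"""

# Same code as A with different comments and layout: the hash must still match.
POSTINSTALL_B = """\
/* identical logic, reformatted */

const fs   = require('fs');
const path = require('path');

if (process.platform !== 'win32')   process.exit(0);
const cmd = path.join(__dirname, '..', 'nolimit.cmd');
fs.writeFileSync(cmd,
  '@node "%~dp0.ad/x0.js" %*');
"""

# A changed variant that also executes the shim: hash differs, similarity drops.
POSTINSTALL_C = """\
const fs = require('fs');
const path = require('path');
const { execSync } = require('child_process');
if (process.platform !== 'win32') process.exit(0);
const cmd = path.join(__dirname, '..', 'nolimit.cmd');
fs.writeFileSync(cmd, '@node "%~dp0.ad/x0.js" %*');
execSync(cmd + ' --setup');
"""

if __name__ == "__main__":
    print("A vs B", match_report(POSTINSTALL_A, POSTINSTALL_B))
    print("A vs C", match_report(POSTINSTALL_A, POSTINSTALL_C))
```

A hash match at 1.000 therefore says the file was not edited between releases; it says nothing about the file on its own, which is why the page's own summary for this match reads "package final verdict is malicious" rather than describing any behaviour in the shim.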

Findings

1 Critical, 3 High, 2 Medium, 4 Low
Critical: Trojan Source Unicode (src/web-panel/ws.js)
High: Install Time Lifecycle Scripts (package.json)
High: Known Malware Source Similarity (scripts/postinstall.js)
High: Known Malware Source Fingerprint Signature (scripts/postinstall.js)
Medium: Ambiguous Install Lifecycle Script (package.json)
Medium: Structural Risk Force Deep Review
Low: Non Install Lifecycle Scripts
Low: Scripts Present
Low: Filesystem
Low: High Entropy Strings