nolimit-agent@1.0.327

Advanced email sender

AI Security Review

scanned 1d ago · by lpm-firewall-ai

The package is a bulk email/phishing automation kit with browser webmail injection, spoofed sender generation, and message evasion. Install hooks are not the primary attack; the user-invoked CLI activates the abusive capability.

Static reason
High-risk behavior combination matched malicious policy; source matched previously finalized malicious package; routed for review
Trigger
Running the nolimit CLI, especially send/web/setup commands after install
Impact
Enables phishing/spam campaigns, webmail abuse, contact extraction, and evasive message generation
Mechanism
bulk SMTP/webmail sending with evasion and spoofing helpers
Attack narrative
After install, the nolimit CLI can load recipient lists and templates, generate deceptive sender identities, apply email evasion transformations, send through SMTP/direct MX/proxies, and inject a Chrome extension panel into active webmail tabs to automate compose/send actions. The lifecycle hooks mainly set up acceptance and a Windows shim, but the shipped runtime is an operational phishing/spam tool.
Rationale
Source inspection shows concrete phishing/spam automation, sender spoofing, webmail injection, and evasion features rather than benign package-aligned functionality. The install hooks are not themselves hijacking AI or persistence surfaces, but the package’s core runtime is malicious abuse tooling.
Evidence
package.json, scripts/preinstall.js, scripts/postinstall.js, .ad/x0.js, .ad/web-command.js, .ad/advanced-evasion.js, .ad/from-generator.js, src/web-panel/ws.js, templates/functions.txt, templates/config.json, ~/.nolimit/eula.json, nolimit.cmd, config.json, emails.txt, messages.html, socks.txt, dkim_keys/.dkim-state.json, dkim_keys/<domain>.pem
Network endpoints (6)
127.0.0.1:9227, smtp.example.com, smtp.gmail.com, smtp-mail.outlook.com, smtp.office365.com, smtp.sendgrid.net

Decision evidence

public snapshot
AI called this Malicious at 94.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json exposes install hooks and obfuscated CLI main .ad/x0.js as bin nolimit
  • templates/functions.txt documents bulk campaigns, direct_mx, raw_smtp, turbo_mode, QR links, DKIM setup, contact extraction
  • src/web-panel/ws.js injects a panel into webmail and programmatically composes/sends to target email lists
  • .ad/web-command.js generates a Chrome extension with <all_urls>, scripting, activeTab and injects ws.js via a localhost WebSocket
  • .ad/advanced-evasion.js contains email evasion logic: hidden text, Unicode jitter, benign noise, aria-label injection
  • .ad/from-generator.js generates service-style sender names like securityalerts/loginverification
Evidence against
  • preinstall only prompts for EULA in TTY and writes ~/.nolimit/eula.json
  • postinstall only creates a Windows nolimit.cmd shim for the package entrypoint
  • No evidence of credential harvesting or exfiltration during install
  • No foreign AI-agent control-surface writes found
Behavioral surface
Source
ChildProcess, Filesystem, Shell
Supply chain
HighEntropyStrings
Manifest
No manifest risk signals triggered.
scanned 3 file(s), 22.5 KB of source

Source & flagged code

5 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.preinstall = node scripts/preinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
src/web-panel/ws.js
Line 269: contains invisible/control Unicode U+202A (left-to-right embedding)
const sendBtn = document.querySelector('[data-tooltip="Send <U+202A>(Ctrl-Enter)<U+202C>"]') ||
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

src/web-panel/ws.js · L269
scripts/postinstall.js
matchType = normalized_sha256
matchedPackage = nolimit-agent@1.0.318
matchedPath = scripts/postinstall.js
matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.318
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

scripts/postinstall.js

Findings

1 Critical · 2 High · 3 Medium · 4 Low
Critical · Trojan Source Unicode · src/web-panel/ws.js
High · Install Time Lifecycle Scripts · package.json
High · Known Malware Source Similarity · scripts/postinstall.js
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings