registry  /  nolimit-agent  /  1.0.337

nolimit-agent@1.0.337

Advanced email sender

AI Security Review

scanned 2h ago · by lpm-firewall-ai

This is a user-invoked bulk email/phishing simulation toolkit with webmail automation, SMTP sending modes, OAuth account auth, contact extraction, SMS templates, and DKIM/from-address tooling. Install-time behavior is limited to EULA recording and Windows shim creation, so no confirmed silent install-time compromise was found.

Static reason
High-risk behavior combination matched malicious policy.; source matched previously finalized malicious package; routed for review; source fingerprint signature matched known malicious package; routed for review
Trigger
npm install for lifecycle hooks; user runs nolimit commands or injects web panel for sending/extraction
Impact
dangerous dual-use capability for phishing/spam and harvesting contacts from configured mail accounts
Mechanism
bulk messaging, webmail DOM automation, OAuth/SMTP contact extraction, DKIM/from spoofing support
Rationale
Source inspection supports a dangerous dual-use phishing/bulk-mail capability rather than a confirmed supply-chain compromise. Because lifecycle hooks are limited and no attacker exfiltration endpoint or stealth persistence was found, warn rather than publish-block.
Evidence
package.jsonscripts/preinstall.jsscripts/postinstall.js.ad/x0.jssrc/web-panel/ws.jstemplates/functions.txtphonebook/messages.txtAUTHORIZED_USE.md~/.nolimit/eula.jsonnolimit.cmdsmtps.txtconfig.jsonextracted/sorted/dkim_keys/
Network endpoints7
smtp.gmail.comsmtp-mail.outlook.comsmtp.office365.comsmtp.sendgrid.netyour-first-link.com/trackyour-second-link.com/trackyour-third-link.com/track

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json exposes obfuscated CLI main/bin .ad/x0.js and install hooks
  • src/web-panel/ws.js injects a panel into Gmail/Outlook/Yahoo and clicks Send for each target
  • templates/functions.txt documents bulk campaigns, direct_mx, raw_smtp, turbo_mode, QR links, DKIM, and thread-prefix randomization
  • templates/functions.txt documents OAuth auth and contacts extraction to extracted/
  • phonebook/messages.txt includes SMS verification-code and unusual-sign-in templates
  • AUTHORIZED_USE.md frames package as phishing simulation/red-team email tool
Evidence against
  • scripts/preinstall.js only prompts EULA and writes ~/.nolimit/eula.json after interactive acceptance
  • scripts/postinstall.js only creates a Windows nolimit.cmd shim for .ad/x0.js
  • No unconsented AI-agent control-surface writes found
  • No hard-coded attacker exfiltration endpoint found in inspected source
  • Templates are mostly placeholders and require user-supplied SMTP/accounts/targets
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 22.5 KB of source

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.preinstall = node scripts/preinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.preinstall = node scripts/preinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
src/web-panel/ws.jsView file
269contains invisible/control Unicode U+202A (left-to-right embedding) const sendBtn = document.querySelector('[data-tooltip="Send <U+202A>(Ctrl-Enter)<U+202C>"]') ||
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

src/web-panel/ws.jsView on unpkg · L269
scripts/postinstall.jsView file
matchType = normalized_sha256 matchedPackage = nolimit-agent@1.0.327 matchedPath = scripts/postinstall.js matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.327 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

scripts/postinstall.jsView on unpkg
matchType = malicious_source_fingerprint_signature signature = 97ad344d2ec43431 signatureType = suspicious_hashes sourceLabel = final_verdict:malicious matchedPackage = nolimit-agent@1.0.327 matchedPath = scripts/postinstall.js matchedIdentity = npm:bm9saW1pdC1hZ2VudA:1.0.327 similarity = 1.000 shingleOverlap = 2 summary = package final verdict is malicious
High
Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

scripts/postinstall.jsView on unpkg

Findings

1 Critical3 High3 Medium4 Low
CriticalTrojan Source Unicodesrc/web-panel/ws.js
HighInstall Time Lifecycle Scriptspackage.json
HighKnown Malware Source Similarityscripts/postinstall.js
HighKnown Malware Source Fingerprint Signaturescripts/postinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings