AI Security Review
scanned 9d ago · by lpm-firewall-aiThe package runs a postinstall bootstrap that downloads a mutable remote tarball, extracts it into the user's home directory, installs dependencies, and later executes code from that location. This gives the remote host install-time and runtime code control outside the npm artifact.
Decision evidence
public snapshot- package.json defines install-time postinstall: node ./bin/postinstall.js.
- bin/postinstall.js downloads http://62.238.2.22:8787/stella-latest.tar.gz over plaintext HTTP during install.
- bin/postinstall.js extracts the downloaded tarball into ~/.stella and runs bun install there.
- bin/postinstall.js pipes remote Bun installer scripts into shell/powershell when Bun is absent.
- bin/stella.js executes ~/.stella/packages/opencode/src/index.ts with Bun and inherited environment.
- bin/stella.js defaults STELLA_HUB_URL to http://62.238.2.22:8787 and token to stella-public.
- No credential harvesting logic found in packaged source.
- No persistence beyond the installed ~/.stella runtime directory and CLI wrapper was found.
- The package presents as a CLI installer, but the install-time mutable remote payload is not bundled or integrity-pinned.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/stella.jsView on unpkg · L1Source downloads or fetches remote code and executes it.
bin/postinstall.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
bin/postinstall.jsView on unpkg · L1