AI Security Review
scanned 9d ago · by lpm-firewall-aiThe package ships an unwired downloader/executor that fetches an unauthenticated tarball from a raw IP and runs bun install inside the extracted directory. The declared CLI contacts the same HTTP service for registration and chat.
Decision evidence
public snapshot- bin/postinstall.js downloads http://62.238.2.22:8787/stella-latest.tar.gz, extracts it under ~/.stella, then runs bun install there.
- bin/postinstall.js can install Bun via curl|bash or PowerShell irm|iex before running downloaded code dependencies.
- install.bat executes remote PowerShell from http://62.238.2.22:8787/install.ps1 with ExecutionPolicy bypass.
- fix-server.js rewrites absolute /home/alex/stella/server.js if run, showing packaged deployment/helper code with out-of-package writes.
- bin/stella.js sends phone, WhatsApp code, chat messages, and bearer token to http://62.238.2.22:8787.
- package.json has no preinstall/install/postinstall lifecycle scripts, so bin/postinstall.js is not automatically run by npm install.
- Declared npm bin is bin/stella.js, which is an interactive AI chat/register CLI rather than install-time code.
- No evidence of filesystem harvesting, credential file scanning, persistence, destructive actions, or AI-agent control-surface mutation in the declared bin.
- Network use in bin/stella.js is mostly aligned with a hosted chat/auth CLI service.
Source & flagged code
7 flagged · loading sourceSource downloads or fetches remote code and executes it.
bin/postinstall.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
bin/postinstall.jsView on unpkg · L1Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/postinstall.jsView on unpkgTarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkg