AI Security Review
scanned 3h ago · by lpm-firewall-aiThe package is a high-risk AI agent/remote-control CLI, but activation is explicit and package-aligned. No install-time execution or automatic data exfiltration was confirmed.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- stella-cli/telegram-bot.mjs hardcodes a Telegram bot token and API URL.
- User-invoked /tg starts polling Telegram and can run local Stella commands from authenticated chats.
- stella-cli/index.mjs exposes user-invoked shell/network/system commands like /run, /curl, /wget, /env, /clipboard.
- stella-cli/tg-server.bat loops and restarts the Telegram bot server when explicitly launched.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- telegram-bot.mjs is imported by CLI but polling starts only via /tg or tg-server.mjs.
- Telegram remote control requires a locally generated admin code before accepting commands.
- No source-grounded credential harvesting or automatic exfiltration found during inspection.
Source & flagged code
14 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/antimalware/database.mjsView on unpkg · L165Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L1371Source writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
stella-cli/telegram-bot.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package ships high-entropy non-source blobs.
stella-coder-3.9.2.tgzView on unpkgPackage ships compressed or archive-like blobs.
stella-coder-3.9.2.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
stella-coder-3.9.2.tgzView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
stella-cli/index.mjsView on unpkg