AI Security Review
scanned 3h ago · by lpm-firewall-aiAn explicitly enabled Telegram bot accepts messages from locally authorized users and runs them through the CLI in print mode. Results are sent back through Telegram; the hard-coded bot token makes the package author’s bot account a control-plane dependency.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `stella-cli/telegram-bot.mjs` embeds a Telegram bot token and polls `api.telegram.org`.
- Authorized Telegram messages are passed to `node stella-cli/index.mjs -p` via `execSync`.
- Bot returns command output to Telegram, creating a remote command/control channel.
- `stella-cli/index.mjs` enables Telegram only through explicit `/tg`; no npm lifecycle hook exists.
- `stella-cli/index.mjs` has user-invoked script and scheduled-task commands.
- `package.json` defines no `preinstall`, `install`, `postinstall`, or `prepare` hook.
- Telegram authorization requires a locally generated one-time admin code.
- No source evidence of automatic credential harvesting or unsolicited outbound file uploads.
- `.opencode/skills/ui-ux-pro-max/scripts/design_system.py` is readable design-system source, not a concealed binary payload.
Source & flagged code
11 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/antimalware/database.mjsView on unpkg · L165Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L1371Source writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
stella-cli/telegram-bot.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
stella-cli/index.mjsView on unpkg