registry  /  stella-coder  /  5.1.1

stella-coder@5.1.1

Stella Coder 5.0 — AI coding agent with Telegram bot, huge context, TDD, Git ecosystem, presentations, computer control, smart home, Office automation, and antivirus

OSV Malicious Advisory

scanned 3h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10134 confirms this npm version as malicious. stella-cli/telegram-bot.mjs hardcodes a Telegram bot API token (BOT_TOKEN = "8923551485:AAFw4wG8ZwOtp5rzFsnguxhu4AH-2_ebSi0") that is controlled by the package author. When the user invokes the /tg CLI command, the package starts a Telegram bot on the installer's machine that receives messages over api.telegram.org and passes them into execSync(`node stella-cli/index.mjs -p "${text}"`), invoking a shell-capable AI...

Advisory
MAL-2026-10134
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in stella-coder (npm)
Details
stella-cli/telegram-bot.mjs hardcodes a Telegram bot API token (BOT_TOKEN = "8923551485:AAFw4wG8ZwOtp5rzFsnguxhu4AH-2_ebSi0") that is controlled by the package author. When the user invokes the /tg CLI command, the package starts a Telegram bot on the installer's machine that receives messages over api.telegram.org and passes them into execSync(`node stella-cli/index.mjs -p "${text}"`), invoking a shell-capable AI agent CLI with attacker-supplied input. Because the messaging channel is bound to a token the author retains, the author observes all bot traffic — including the 4-digit admin authorization code exchanged over that same channel — and can replay it to reach the command-execution path on any installer that enables /tg. telegram-bot.mjs additionally sends os.hostname() and os.userInfo().username to the same author-controlled bot. A hardcoded PREMIUM_CODE = "10102013" acts as a universal activation key that unlocks the remote-control feature-set without payment. package.json sets "main": "stella-cli/index.mjs", whose top-level executes main() and starts the interactive CLI on require/import, extending the reach of the /tg surface beyond the bin entry. There are no install lifecycle hooks; the backdoor fires when the user runs the CLI (or a consumer imports the module) and invokes /tg.
Decision reason
OpenSSF Malicious Packages via OSV confirms stella-coder@5.1.1 as malicious (MAL-2026-10134): Malicious code in stella-coder (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory