AI Security Review
scanned 4h ago · by lpm-firewall-aiThe user can explicitly start a Telegram bot with `/tg`; authorized incoming messages are executed through the package's print-mode AI agent. Print mode bypasses the normal file and shell permission prompts, leaving a remotely reachable high-privilege capability behind a weak four-digit authorization code.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `stella-cli/telegram-bot.mjs` embeds a Telegram bot credential and polls its API.
- Authenticated Telegram messages reach `execSync` running `stella-cli/index.mjs -p` with message text.
- `-p` mode auto-approves all AI tool permissions in `stella-cli/index.mjs`.
- The invoked agent exposes filesystem, shell, and web tools through `stella-cli/tools.mjs`.
- Telegram authorization uses a four-digit one-time admin code in `stella-cli/telegram-bot.mjs`.
- No npm lifecycle scripts exist in `package.json`.
- Remote control is an advertised `/tg` feature, started by an explicit CLI command.
- No install-time execution or preinstall/install/postinstall hook was found.
- No source writes to foreign AI-agent configuration surfaces were found.
- Telegram command handling checks the local authorized-user list before execution.
- `.opencode` contains readable skill sources and ordinary Python bytecode caches, not a confirmed staged payload.
Source & flagged code
11 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/antimalware/database.mjsView on unpkg · L165Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L1371Source writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
stella-cli/telegram-bot.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
stella-cli/index.mjsView on unpkg