AI Security Review
scanned 2h ago · by lpm-firewall-aiAn explicitly started Telegram bot accepts authenticated remote messages and inserts them into a shell command. Its print-mode CLI invocation bypasses the package's interactive tool-approval gate, enabling remote local-system actions.
Decision evidence
public snapshot- `stella-cli/telegram-bot.mjs` embeds a Telegram bot credential and polls `api.telegram.org`.
- Authenticated Telegram messages reach `execSync` in `stella-cli/telegram-bot.mjs`.
- The command interpolates message text into a shell command; only double quotes are escaped, leaving shell substitutions possible.
- The invoked CLI uses `-p`, and `stella-cli/index.mjs` makes print mode auto-approve every tool permission.
- `stella-cli/tools.mjs` exposes shell execution, file access, environment reads, and network fetching.
- Telegram authorization uses an unthrottled four-digit local admin code.
- `package.json` defines no npm preinstall, install, or postinstall hook.
- Starting the Telegram bot requires the explicit `/tg` CLI command.
- The package stores bot authorization locally under `~/.stella`.
Source & flagged code
11 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/antimalware/database.mjsView on unpkg · L165Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L1371Source writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
stella-cli/telegram-bot.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
stella-cli/git-api.mjsView on unpkg