AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package contains a shared, hard-coded Telegram bot control channel. After explicit `/tg` activation and authorization, bot messages invoke CLI print mode; its output is sent back to Telegram. Print mode bypasses the CLI's interactive approval checks for file-write and shell tools.
Decision evidence
public snapshot- `stella-cli/telegram-bot.mjs` embeds a Telegram bot token and uses `api.telegram.org`.
- `telegram-bot.mjs` polls Telegram, executes `index.mjs -p` for authenticated messages, then relays output.
- `index.mjs` makes `-p` mode auto-approve tool permissions.
- `tools.mjs` exposes filesystem writes and shell execution; output can return to Telegram.
- `stella-cli/tg-server.bat` restarts the bot indefinitely when explicitly launched.
- `package.json` declares no preinstall/install/postinstall lifecycle hook.
- Telegram control requires explicit `/tg` activation and an authorization-code flow.
- No source confirms autonomous credential-file harvesting or stealth agent-config mutation.
Source & flagged code
15 flagged · loading sourceSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/antimalware/database.mjsView on unpkgPackage source references weak cryptographic algorithms.
dist/antimalware/database.mjsView on unpkg · L165Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L1371Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/index.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
stella-cli/telegram-bot.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/tools.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
stella-cli/build.mjsView on unpkg