AI Security Review
scanned 2h ago · by lpm-firewall-aiAn explicitly started Telegram bot provides remote access to the CLI agent. Its fixed Bot API credential routes commands and resulting output through a Telegram bot outside the user's control.
Decision evidence
public snapshot- `stella-cli/telegram-bot.mjs` embeds a fixed Telegram Bot API credential and posts to `api.telegram.org`.
- Authenticated Telegram messages invoke `stella-cli/index.mjs -p` through `execSync`.
- `stella-cli/index.mjs` makes `askPermission` automatically allow actions in `-p` mode.
- The bot persists authentication/session data under `~/.stella` and can run continuously via `stella-cli/tg-server.mjs`.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Telegram polling starts only through explicit `/tg` CLI use or explicit `tg-server` execution.
- The bot checks locally stored authorized Telegram IDs before forwarding messages.
- No source-confirmed environment-variable harvesting or outbound file upload was found in the bot path.
Source & flagged code
15 flagged · loading sourceSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/antimalware/database.mjsView on unpkgPackage source references weak cryptographic algorithms.
dist/antimalware/database.mjsView on unpkg · L165Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.mjsView on unpkg · L6Package source invokes a package manager install command at runtime.
dist/index.mjsView on unpkg · L1371Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/index.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
stella-cli/telegram-bot.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/tools.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
stella-cli/build.mjsView on unpkg