AI Security Review
scanned 2h ago · by lpm-firewall-aiAn explicitly enabled Telegram bot exposes a remote control path for the local AI CLI. Its public hardcoded bot token makes that control channel and its messages depend on an unprotected shared credential.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `stella-cli/telegram-bot.mjs` hardcodes a Telegram bot token.
- `startBot()` long-polls Telegram and handles remote messages.
- Authenticated Telegram text is passed to `execSync` running `stella-cli/index.mjs -p`.
- The bot collects host, network-interface, and Windows disk-serial data.
- `stella-cli/tg-bg.bat` can launch the bot in background.
- `package.json` has no preinstall, install, or postinstall hook.
- Telegram control is activated by explicit `/tg` CLI use or supplied batch files.
- Bot state is stored under the package-owned `~/.stella` directory.
- No source-confirmed credential-file harvesting or unsolicited exfiltration was found.
- `releases/stella-antivirus.zip` contains matching antivirus source, not an opaque executable payload.
Source & flagged code
18 flagged · loading sourcePackage source references child process execution.
releases/stella-antivirus/scanner.mjsView on unpkg · L2Package source references shell execution.
releases/stella-antivirus/scanner.mjsView on unpkg · L336Package source references weak cryptographic algorithms.
releases/stella-antivirus/database.mjsView on unpkg · L165Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/index.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
releases/stella-coder/telegram-bot.mjsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
releases/stella-coder/build.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package source invokes a package manager install command at runtime.
releases/stella-coder/coding-brain.mjsView on unpkg · L639Package ships non-JavaScript build or shell helper files.
run-antivirus.batView on unpkgPackage ships high-entropy non-source blobs.
releases/stella-antivirus.zipView on unpkgPackage ships compressed or archive-like blobs.
releases/stella-antivirus.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
releases/stella-antivirus.zipView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
releases/stella-coder/git-api.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/tools.mjsView on unpkg