AI Security Review
scanned 39m ago · by lpm-firewall-aiAn explicitly started Telegram bot accepts messages from locally authorized accounts and invokes the Stella CLI. The CLI exposes agent tools including unrestricted terminal-command execution.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `stella-cli/telegram-bot.mjs` hard-codes a Telegram bot token and polls `api.telegram.org`.
- Authenticated Telegram messages are passed to `execSync` running `stella-cli/index.mjs -p`.
- `stella-cli/tools.mjs` exposes `terminal_exec` with “full system access”.
- Telegram authorization uses a generated four-digit code without visible rate limiting.
- `stella-cli/tg-server.bat` restarts the bot indefinitely when explicitly run.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Telegram startup requires explicit `/tg` or user-run bot scripts.
- Bot checks a locally stored authorized-user record before dispatching messages.
- No source evidence sends environment variables, local files, or credentials to Telegram.
- Archives contain matching source copies rather than an opaque executable payload.
Source & flagged code
18 flagged · loading sourcePackage source references child process execution.
releases/stella-antivirus/scanner.mjsView on unpkg · L2Package source references shell execution.
releases/stella-antivirus/scanner.mjsView on unpkg · L336Source file is highly similar to a previously finalized malicious package; route for source-aware review.
releases/stella-antivirus/database.mjsView on unpkgPackage source references weak cryptographic algorithms.
releases/stella-antivirus/database.mjsView on unpkg · L165Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/index.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
releases/stella-coder/telegram-bot.mjsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
releases/stella-coder/build.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package source invokes a package manager install command at runtime.
releases/stella-coder/coding-brain.mjsView on unpkg · L639Package ships non-JavaScript build or shell helper files.
run-antivirus.batView on unpkgPackage ships high-entropy non-source blobs.
releases/stella-antivirus.zipView on unpkgPackage ships compressed or archive-like blobs.
releases/stella-antivirus.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
releases/stella-antivirus.zipView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/tools.mjsView on unpkg