AI Security Review
scanned 4h ago · by lpm-firewall-aiThe package offers an explicitly enabled Telegram remote-control bot using a hard-coded shared bot identity. After local authorization, Telegram message text reaches a shell-backed `execSync` call and its output is returned to Telegram.
OSV Corroboration
OpenSSF/OSVDecision evidence
public snapshot- `stella-cli/telegram-bot.mjs` embeds a Telegram bot credential and polls `api.telegram.org`.
- `stella-cli/index.mjs` exposes bot startup only through the explicit `/tg` command.
- Authenticated Telegram text is interpolated into an `execSync` shell command in `stella-cli/telegram-bot.mjs`.
- Command output is sent back to the Telegram chat, enabling remote command-result disclosure.
- The bot persists authorization and session state under its own `.stella` configuration directory.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` hook.
- Telegram polling begins only after the user runs `/tg`.
- Remote command handling checks a locally stored authorized-user list before execution.
- No source evidence found of automatic environment-variable or credential-file harvesting.
- No foreign AI-agent configuration mutation was found.
Source & flagged code
19 flagged · loading sourcePackage source references child process execution.
releases/stella-antivirus/scanner.mjsView on unpkg · L2Package source references shell execution.
releases/stella-antivirus/scanner.mjsView on unpkg · L336Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/tools.mjsView on unpkgPackage source references dynamic require/import behavior.
dist/tools.mjsView on unpkg · L345Source file is highly similar to a previously finalized malicious package; route for source-aware review.
releases/stella-antivirus/database.mjsView on unpkgPackage source references weak cryptographic algorithms.
releases/stella-antivirus/database.mjsView on unpkg · L165Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/index.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/index.mjsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
releases/stella-coder/telegram-bot.mjsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
releases/stella-coder/build.mjsView on unpkg · L4A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
stella-cli/telegram-bot.mjsView on unpkg · L4Package source invokes a package manager install command at runtime.
releases/stella-coder/coding-brain.mjsView on unpkg · L639Package ships non-JavaScript build or shell helper files.
run-antivirus.batView on unpkgPackage ships high-entropy non-source blobs.
releases/stella-antivirus.zipView on unpkgPackage ships compressed or archive-like blobs.
releases/stella-antivirus.zipView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
releases/stella-antivirus.zipView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.opencode/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
antimalware/database.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/antimalware/database.mjsView on unpkg