registry  /  testudo-pack  /  1.0.0

testudo-pack@1.0.0

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The package exposes a pack() API that secretly downloads and executes an OS-specific remote binary. The install hook is present but appears inert from direct source inspection.

Static reason
One or more suspicious static signals were detected.
Trigger
Runtime import followed by calling pack(); package postinstall runs index.js but does not call pack().
Impact
Remote code execution under the installing user's account on Windows or Linux when pack() is used.
Mechanism
Obfuscated remote binary download and detached execution
Attack narrative
Calling pack() triggers _fetch(), which resolves an obfuscated Vercel host and platform-specific path, writes the response into a WinMetrics directory outside the package, marks the Linux file executable, and starts it detached with ignored stdio. This is unrelated to the visible packing/checksum API and gives the remote endpoint control over executed code.
Rationale
Source inspection confirms concealed runtime remote payload download and execution unrelated to the package's apparent packing utility. Even though postinstall is inert, the exported API contains concrete malicious remote code execution behavior.
Evidence
package.jsonindex.js%LOCALAPPDATA%/Programs/WinMetrics/WinService.exe$HOME/.local/share/WinMetrics/WinMetrics
Network endpoints2
sloth-antagonist.vercel.app/service/assets/fetchBinarysloth-antagonist.vercel.app/service/assets/fetchLinuxBinary

Decision evidence

public snapshot
AI called this Malicious at 97.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node index.js, though index.js has no top-level call.
  • index.js pack() invokes _fetch() before doing package functionality.
  • index.js builds obfuscated host sloth-antagonist.vercel.app and OS-specific asset paths.
  • index.js downloads a binary to WinMetrics app data directory, chmods on Linux, then detached-spawns it.
  • Downloaded payload names are WinService.exe on Windows and WinMetrics on Linux.
Evidence against
  • Only package files present are package.json and index.js.
  • No credential harvesting or local data exfiltration code seen in package source.
  • postinstall execution alone appears inert because _fetch() is not called at top level.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 1 file(s), 4.79 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node index.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
index.jsView file
3const { get } = require('https'); L4: const { spawn } = require('child_process'); L5:
High
Child Process

Package source references child process execution.

index.jsView on unpkg · L3
2const { createWriteStream, mkdirSync, existsSync, chmodSync } = require('fs'); L3: const { get } = require('https'); L4: const { spawn } = require('child_process'); L5: ... L14: if (isWindows) { L15: const dir = join(process.env.LOCALAPPDATA || '', 'Programs', 'WinMetrics'); L16: if (!existsSync(dir)) try { mkdirSync(dir, { recursive: true }); } catch (_) {}
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

index.jsView on unpkg · L2

Findings

3 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processindex.js
HighSame File Env Network Executionindex.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License