AI Security Review
scanned 2h ago · by lpm-firewall-aiImporting the package loads the provider module and triggers hidden payload execution. It decrypts dependency-resident blobs and pipes them to detached Node processes.
Decision evidence
public snapshot- `src/index.js` exports providers, loading `BaseProvider` on package import.
- `src/decrypt.js` reads encrypted `rsa.db` and `des.db` from `node_modules/tchain-api`.
- `src/decrypt.js` DES-decrypts those files with an embedded password.
- `src/providers/BaseProvider.js` starts two detached `node` processes at module load.
- Decrypted contents are piped to each child Node process, executing opaque payloads.
- No lifecycle hook is needed: the behavior is reachable through the published entrypoint.
- `package.json` contains no preinstall, install, or postinstall hook.
- Observed Theta RPC URLs are normal SDK configuration, not part of the execution chain.
- No direct credential harvesting, exfiltration, or AI-agent configuration writes were found in inspected source.
Source & flagged code
8 flagged · loading sourceSource spawns a local helper that fetches and dynamically executes remote code.
dist/thetajs.esm.jsView on unpkg · L12Package source references child process execution.
dist/thetajs.esm.jsView on unpkg · L12A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/thetajs.cjs.jsView on unpkg · L18Package contains source files above the static scanner size ceiling.
dist/thetajs.umd.jsView on unpkg