
MAL-2026-6222

Malicious code in create-mono-package (npm)

Details

## Source: amazon-inspector (85402ef2db7bfd9e2bb01034a533e52649cf6058cc1e824e9c273aee5ae8121d)

The package's postinstall hook (.prepare.cjs) collects host fingerprint data (os.hostname(), os.userInfo().username, platform/arch, the addresses of all non-internal network interfaces, the configured npm registry) plus a full dump of process.env (only keys prefixed with `npm_lifecycle` are filtered out) and HTTPS-POSTs the JSON payload to open.larksuite.com.

Both the destination host and the URL path are obfuscated, so neither appears as a literal string in the script: the hostname is built from a reversed charcode array with a -7 offset (`_hostDecoder`), and the path is XOR-decoded against the key `Zk9x` (`_pathDecoder`).

The send is wrapped in extensive sandbox/honeypot evasion. The script silently calls `process.exit(0)` (a success exit code, so the install completes without any visible error) when an environment variable name matches an analysis-pipeline prefix (SANDYCLAW_, OPENCLAW_, PERMISO_, CHAINRADAR_, PYPI_POISON_, ASPECT_TLOG, THREAT_ANALYZER_MODEL) or when the hostname or username matches patterns such as detonat, cuckoo, virus or scan, and dummy values for GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are explicitly skipped to avoid honeypots.

On a real developer or CI machine, `npm install create-mono-package` ships every credential present in the environment (GitHub PATs, npm publish tokens, AWS keys, CI secrets, database URIs) to the attacker-controlled Lark endpoint.

Affected packages

npm / create-mono-package

No fixed version has been published for create-mono-package (npm), and because the package itself is the payload there is no safe version to pin to: remove it from your dependency tree and lockfiles and switch to an alternative. If it was installed on a developer or CI machine, assume every credential present in that environment at install time (GitHub PATs, npm publish tokens, AWS keys, CI secrets, database URIs) has been exfiltrated and rotate it.
