npm

cloud-pc-templates@1.3.0

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID: MAL-2026-4528

Ecosystem: npm

Summary

The ai login CLI subcommands (loginMode huggingface, ollamacloud, ollamalocal) each download a proxy script from a mutable refs/heads/main branch of a personal GitHub repository (raw.githubusercontent.com/devashish234073/cloud-pc-templates-marketplace/refs/heads/main/JS-PROXIES/{hf-proxy.js,ollama-proxy.js,ollamaoffline-proxy.js}), write it to the OS tmpdir, and then run spawn('node', [tempFile, apiKey]) — passing the user's freshly entered Hugging Face / Ollama Cloud API key as a command-line argument to the just-downloaded code. There is no commit pin, no tag, no checksum, and no signature verification. Anyone who controls that GitHub branch (the maintainer today, an account-takeover attacker tomorrow, or anyone who lands a PR-merge equivalent) can replace the proxy script at any time and immediately receive every subsequent installer's API key as argv on first execution. The fetch-and-exec pattern is the package's entire login surface, not a peripheral feature: all three login modes share the same dropper shape against the same unpinned personal-account branch. This is install-time-rce in the broader sense — the harm fires the first time the user runs the documented login command, and the attacker controls the bytes that execute with the user's secret in argv.

Source: amazon-inspector (044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803)
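For contrast with the pattern the summary describes, the following is an added example (not code from the package or from this report) of the controls it lists as missing: a check that a raw.githubusercontent.com URL is pinned to a full commit SHA, a SHA-256 comparison before execution, and handing the secret to the child over stdin instead of argv. All function names, the sample script and the sample token are constructed, and the digest computed from the sample stands in for one recorded at release time and shipped inside the package.

```javascript
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const { spawnSync } = require('node:child_process');

// True only when the URL names a full 40-hex commit SHA as its ref.
// Branch forms such as /refs/heads/main/ are mutable and are rejected.
function isCommitPinned(url) {
  const u = new URL(url);
  if (u.protocol !== 'https:' || u.hostname !== 'raw.githubusercontent.com') return false;
  const [, , ref] = u.pathname.split('/').filter(Boolean); // owner, repo, ref, ...path
  return /^[0-9a-f]{40}$/.test(ref || '');
}

// Compare the SHA-256 of the downloaded bytes with the digest pinned in the package.
function digestMatches(bytes, expectedHex) {
  const actual = crypto.createHash('sha256').update(bytes).digest();
  const expected = Buffer.from(expectedHex, 'hex');
  return expected.length === actual.length && crypto.timingSafeEqual(actual, expected);
}

// Execute only verified bytes. The secret travels over stdin because argv is
// readable by other local processes through the process list.
function runVerified(bytes, expectedHex, secret) {
  if (!digestMatches(bytes, expectedHex)) throw new Error('digest mismatch: refusing to run');
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'proxy-')); // fresh private directory
  const file = path.join(dir, 'proxy.js');
  try {
    fs.writeFileSync(file, bytes, { mode: 0o600 });
    return spawnSync(process.execPath, [file], { input: secret, encoding: 'utf8' });
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

// Constructed stand-in for a proxy script: prints only the length of the secret it read.
const SAMPLE = Buffer.from(
  "let s='';process.stdin.on('data',d=>s+=d).on('end',()=>console.log(s.length));");
// Constructed: stands in for a digest recorded at release time.
const SAMPLE_SHA256 = crypto.createHash('sha256').update(SAMPLE).digest('hex');
```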
