openai-agents-helpers @1.3.2

Summary

On npm install , scripts/postinstall.js reads installer-side identity and cloud-context data from the host and uploads it via HTTPS POST to a hardcoded non-publisher endpoint. Specifically, the script reads ~/.ssh/*.pub (extracting email comments that map SSH keys to identities), ~/.aws/config (profile names and SSO config), ~/.config/gh/hosts.yml (GitHub CLI user/email), ~/.config/gcloud/properties (GCP account email and project), /etc/resolv.conf search domain, git config user.email and reflog committer emails, the parent project's package.json (name/author/repo), os.hostname(), os.userInfo().username, USERDOMAIN, cwd, and CI provider, then POSTs a JSON body to https://npm-package-logger-228835561205.europe-west1.run.app/. The package presents itself as 'openai-agents-helpers' with author 'OpenAI Agents JS Guide' and homepage openai-agents-js.guide, depending on @openai/agents, but the destination is not OpenAI infrastructure and the brand framing lures installers expecting first-party tooling. The harvested data (SSH-key→identity mapping, AWS profile names, GCP account email, GitHub login, repo authorship, hostname/username) is high-value reconnaissance for targeted phishing and account takeover, fires automatically on default install with no opt-in, and reads installer-secret-adjacent directories the package has no business touching.

Source: amazon-inspector (5e4548469fa226a98c951c174e9fcd08b92b9329c96ddb98f5c930c0f6224b5e)