#010Medium2026-04-03

34MB Obfuscated Agent Framework with Anti-Debug

@cnrai/pave@0.5.28

Informe Completo
Veredicto:SUSPICIOUS — Cannot be audited, 34MB obfuscated

Visión General

Ships a single 34MB JavaScript file with anti-debugging console hijacking (overwrites console.log/warn/error/trace), hex-indexed string lookups, and array rotation obfuscation. Despite claiming to be an AI agent framework, the extreme obfuscation and anti-analysis techniques make the code impossible to audit. Legitimate AI agent frameworks are typically 50-500KB, not 34MB.

34MB
Payload Size
53
Versions Published
68x
Size vs Normal
Anti-Debug
Evasion

Flujo del Ataque

Massive Payload
Single pave.js file at 34MB — 68x larger than typical AI agent frameworks. Full javascript-obfuscator applied.
Anti-Debugging
Overwrites console.log, console.warn, console.error, and console.trace to prevent runtime analysis.
Obfuscated Sandbox
SandboxRunner.js and permission.js files also obfuscated, hiding the actual permission model from audit.

MITRE ATT&CK Mapeo

T1027Obfuscated Files — 34MB javascript-obfuscator
T1622Debugger Evasion — console method overwriting
T1036.005Masquerading — claims to be AI agent framework
T1059.007JavaScript Execution — obfuscated sandbox

Tags

ObfuscationAnti-DebugAI Framework34MBConsole Hijacking

Informe Completo

34MB Obfuscated Agent Framework: @cnrai/pave

TL;DR

@cnrai/pave@0.5.28 ships a single 34MB JavaScript file with anti-debugging console hijacking, hex-indexed string lookups, and array rotation obfuscation. Despite claiming to be an "AI agent framework", the extreme obfuscation and anti-analysis techniques make the code impossible to audit.

Package

  • Name: @cnrai/pave@0.5.28
  • Maintainer: cnrai (dev@candrholdings.com)
  • Versions: 53 (since 2026-03-08)
  • Repository: github.com/cnrai/openpave

Evidence

File Structure

pave.js                    — 34,031,472 bytes (34MB single file!)
sandbox/SandboxRunner.js   — 115,781 bytes
sandbox/permission.js      — 47,263 bytes
sandbox/pave-run.js        — 18,162 bytes
sandbox/utils/yaml.js      — 2,832 bytes

Anti-Debugging

Opus analysis confirmed: a0a/a0b pattern overwrites console.log/warn/error/trace to suppress analysis output. This is a deliberate anti-debugging technique — the code actively prevents security researchers from analyzing it.

Why 34MB Is Suspicious

Legitimate AI agent frameworks (langchain, autogen, crewai) are 50-500KB. A 34MB single JavaScript file with anti-debugging suggests either:

  1. Heavily obfuscated malicious payload embedded in legitimate code
  2. Bundled stolen code with obfuscation to hide origin
  3. Data exfiltration payload hidden in the noise of a massive file

Assessment

The repository exists and the maintainer email appears corporate (candrholdings.com). However:

  • 34MB single file is extreme for any npm package
  • Anti-debugging is a red flag regardless of legitimacy
  • The code CANNOT be audited due to obfuscation

Credits

Detected by: npm-sentinel automated scanner Date: 2026-04-03

Anterior
#009 Dependency Confusion Targeting Verisign + a2a Protocol
Siguiente
#011 Dependency Confusion with DNS Exfiltration