Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

oci-console-regions

15.0.0

by insecure0x1

Removed from npm

Blocked by Socket

This script is sending sensitive system information to a remote server. This behavior is considered highly suspicious and malicious.

Live on npm for 25 days, 13 hours and 43 minutes before removal. Socket users were protected even while the package was live.

bane

4.5.9

Live on pypi

Blocked by Socket

This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.

cue-wasm

1.0.0

by dclareio

Live on npm

Blocked by Socket

This package contains heavily obfuscated code that completely hides its functionality. The extreme level of obfuscation is highly suspicious and typically indicates malicious intent. Cannot determine actual behavior without deobfuscation, but the obfuscation itself represents a significant security risk.

bapy

0.2.216

Live on pypi

Blocked by Socket

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

atlas-query-editor

0.1.1

by bluehackhds

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and sending sensitive system and package information to a suspicious domain without user consent. This poses a significant security risk.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

tiny-model-update

1.17.2

Live on npm

Blocked by Socket

This module is designed to discover and extract Telegram session credentials and related metadata from a Windows user's local filesystem and Chrome LevelDB stores. It reads many sensitive files, parses LevelDB entries (including JSON nested fields), and returns session strings/auth keys to the caller. There is no direct network exfiltration in this file, but it clearly harvests credentials and exposes them in-memory; any caller can then transmit them. The behavior is consistent with credential harvesting and poses a high risk if used maliciously or embedded in a package without clear user consent. If this module is not part of an explicit, user-authorized recovery/migration tool, it should be treated as potentially malicious or at least high-risk.

@otaxayun/baileys

1.4.4

by otaxayun

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

354766/mrilikecoding/dotfiles/rdd-research/

cb05739b8b85df1c11affdcbd3500ae5e1c30d4c

Live on socket

Blocked by Socket

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) All findings: [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] This skill's stated purpose (research facilitation with disposable spikes and document management) aligns with its documented capabilities. No obvious credential harvesting, obfuscated code, or network exfiltration is present in the provided text. The primary security concerns are operational: the skill executes shell commands and performs destructive filesystem operations (rm -rf) and file moves — these are legitimate for spike cleanup and archival but must be sandboxed and given tight path validation. If deployed, ensure the agent runs with least privilege, limits Bash/Task usage to the intended scratch directory, validates/escapes filenames, and does not run as a privileged system account. Overall: functionally coherent and benign in purpose, but operational safeguards are required to prevent accidental or malicious file-system damage. LLM verification: This SKILL.md describes a plausible, legitimate research facilitation skill whose capabilities (reading local docs, creating disposable spikes, writing logs and essays) generally align with its stated purpose. However, it contains high-impact filesystem operations (explicit rm -rf to delete spike directories, archival/move commands) and guidance that can be used to hide actions or remove evidence. There are no network endpoints, hardcoded secrets, obfuscated payloads, or code-injection construct

thispackagedoesnotexist

0.1.5

Live on pypi

Blocked by Socket

The code contains several indicators of malicious behavior, including the use of a reverse shell and obfuscation techniques. The potential for unauthorized access and data exfiltration is significant, warranting high risk and malware scores.

qg-toolkit

1.1.4

Live on pypi

Blocked by Socket

The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.

tx-engine

0.6.2

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

exec-sandbox

0.15.1

Live on pypi

Blocked by Socket

This small shell snippet is a high-risk remote code execution primitive: it reads length-prefixed payloads from stdin and executes them with eval, then emits a sentinel with the exit code. The code itself contains no obfuscation or explicit backdoor artifacts, but when stdin is attacker-controlled it enables arbitrary command execution and reliable feedback to the attacker. Do not use this with untrusted input; if required, add strong input validation, authentication, and sandboxing.

pusher-l

1.0.0

Live on pypi

Blocked by Socket

This module is a network-exposed encrypted file transfer service that can read arbitrary server-side files specified by a requester-controlled path and transmit them back over TCP after operator approval. The absence of client authentication and lack of filename/path allowlisting make it highly capable for unauthorized file disclosure and exfiltration. Although it does not show direct stealth/persistence or command execution in this snippet, its behavior aligns strongly with backdoor-like file-read/exfiltration functionality, making it unsuitable for production use without strict access controls, path confinement, and authentication.

ember-cli-3

1.0.0

by getv

Removed from npm

Blocked by Socket

The code exhibits behavior characteristic of malware, specifically targeting data exfiltration and potential command and control activities. The unusual domain name and the type of data collected strongly suggest malicious intent.

Live on npm for 17 hours and 2 minutes before removal. Socket users were protected even while the package was live.

bigdl-orca-spark3

2.4.0b20231108

Live on pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

zmicro-design/action-setup-web-terminal

0db657c8f584bfeadfda3ab36627f31227323aae

Live on actions

Blocked by Socket

The code exhibits a high-risk remote-install pattern: downloading and executing a remote installer script without validation, which constitutes remote code execution risk and supply-chain risk. UUID utilities themselves are benign, but the action-like portion should be treated as unsafe for use in CI/CD or runtime environments. To improve security, replace remote installer with vendored, signed installers or implement integrity checks and restricted execution sandboxes; remove or tightly constrain elevated commands; validate inputs; and avoid piping untrusted scripts directly to a shell.

react-pillbox

100.0.0

by m1s0aaaaaaaa

Removed from npm

Blocked by Socket

The code collects sensitive system information including the user's home directory, hostname, username, DNS servers, and package information, and sends this data to an external server at p9ztc9q9o8swj255tukbccr4qvwlka[.]burpcollaborator[.]net without user consent. This behavior constitutes data exfiltration and poses a significant security risk.

Live on npm for 11 days, 22 hours and 16 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

1.0.2

Removed from pypi

Blocked by Socket

This file is highly suspicious and poses a significant supply-chain risk. The wrapper intentionally hides executable source and executes it at import-time via exec(), which gives the payload unrestricted access to the running process. Static review cannot determine the payload's actions; treat the package as untrusted until the decompressed code is inspected in a safe, isolated environment. Immediate actions: block use/import, offline-decompress and audit the payload, and if it was executed in production or developer systems follow incident response steps (isolate, collect indicators, scan for network activity and local artifacts, rotate secrets).

Live on pypi for 11 hours and 11 minutes before removal. Socket users were protected even while the package was live.

sap-abstract

0.5.7

by abdallaeg2

Removed from npm

Blocked by Socket

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

timtest

0.0.57

by raonwiz

Live on npm

Blocked by Socket

This module behaves like an agent that fingerprints the host (MAC, disk serial, IP, CPU/GPU) and connects to a remote management server, sending a unique machine identifier and IP immediately on connect. The hard-coded external IP/port and inclusion of a 'miner' dependency are strong indicators this is part of a remote-managed mining or botnet framework or otherwise unwanted remote agent. Given the data exfiltration of hardware identifiers and the auto-connect to a remote host, this code should be treated as suspicious and potentially malicious for most application contexts. Further review of tss.js, miner.js, and utils.js is required to confirm full behavior.

json-schema-editor-visual-yapi

6.5.8

by taka14170

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 2 hours and 43 minutes before removal. Socket users were protected even while the package was live.

ailever

0.2.829

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

@augloop/session-protocol

9.3.0

by alexbirsan

Live on npm

Blocked by Socket

The code is malicious and performs covert data exfiltration of system environment information via DNS queries to an attacker-controlled domain. It uses DNS tunneling techniques and evasion mechanisms, representing a high security risk and clear malware behavior.

github.com/weaveworks/weave

v1.0.3-0.20150819092211-0b764a2a2713

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
