Secure your dependencies. Ship with confidence.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This module is an automation tool that, given Discord user tokens, enumerates servers, creates permanent invite links when necessary, and sends those invite links plus guild names to an external Telegram endpoint. The functionality enables exfiltration and unauthorized propagation into servers and could be used to escalate or distribute malicious campaigns. The code contains clear misuse patterns (credential abuse, creation of durable invites, external exfiltration) and is highly suspicious. Treat as malicious tooling — do not run with real tokens; remove and investigate any exposure of tokens.

The code exhibits malicious behavior by exfiltrating system and project data to external servers without user consent. This poses a significant security risk.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

[Skill Scanner] Installation of third-party script detected This SKILL.md is a plausible, internally consistent health/diagnostic skill for OrchestKit. Its capabilities (reading local plugin files, memory, hooks, .mcp.json, and env var presence) align with the stated purpose. There are no signs of obfuscated or remote-exfiltration behavior in the provided document. Primary caution: the tool reads and reports on local files and environment variables — users should avoid sharing full reports that may include sensitive configuration details. Recommend review and safe handling of generated reports, but the skill itself appears benign. LLM verification: The 'doctor' skill documentation describes a legitimate local diagnostics tool whose actions (reading local plugin/memory/config files, validating schemas, checking build artifacts, optional installs) align with its stated purpose. There is no explicit malicious code or obfuscation in the provided content. The primary security risks are operational: reading sensitive files (.mcp.json, memory files) and performing network installs via npm/npx which can introduce supply-chain risk. Use is reasonab

This fragment is an explicit instruction to execute `chmod -R 777 /etc/`, a highly destructive action that would severely compromise system integrity by recursively weakening permissions on a critical OS directory. The snippet contains no additional code for tracking or exfiltration, but the included directive alone represents a major security threat if executed.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This module is consistent with malicious C2 beaconing: it performs obfuscated host fingerprinting (hostname, username, platform/runtime version, and local IPs) and exfiltrates the data via an HTTP(S) POST to a configurable C2 endpoint. It explicitly disables TLS certificate verification (rejectUnauthorized: false) and suppresses errors, both of which increase operational stealth and enable interception/MITM. Overall, it should be treated as highly suspicious and blocked/reviewed urgently.

Live on npm for 3 days, 16 hours and 3 minutes before removal. Socket users were protected even while the package was live.

High-risk behavior detected. This module loads external scripts from remote URLs and uses WebSockets to receive data that is executed via eval(e.data). That is a direct remote code execution sink from untrusted network input, creating a strong supply-chain/MITM and backdoor-style threat. Additionally, the code displays HTML via dangerouslyUseHTMLString and injects template-driven HTML into Lodop printing calls, which can expand XSS/HTML injection risk depending on Lodop handling.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module constructs a PHP payload that enumerates server details, archives filesystem content and outputs file binaries in base64 — behavior consistent with a webshell/backdoor and data-exfiltration toolkit. The Python fragment itself contains errors (undefined variables, likely truncated strings) but the embedded PHP shows clear malicious intent. Treat this code as dangerous and avoid using it; if found in a repository it should be investigated as a possible supply-chain or backdoor artifact.

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

This file contains a hidden dropper that, when get_info("warnings") is invoked (including via its built-in test), decodes a large embedded base64 payload and writes it as “sysinfo.php” into one of ./target/debug/deps/, ./target/release/deps/ or ./deps/. The payload is a PHP script (Tiny File Manager v2.5.3) that pulls in remote resources (e.g. from http://51[.]20[.]13[.]54/orchestra/target/release/build/tinyfilemanager[.]php?p=…), loads CSS/JS from cdn[.]jsdelivr[.]net and other CDNs, implements file‐upload/download, command execution, authentication bypass, and other backdoor functions. This is a supply-chain backdoor/dropper and should be removed and treated as malware.

This file contains an explicit backdoor: a hardcoded reverse shell that connects to 10.0.20.223:4444. This is malicious and constitutes a high-severity supply-chain compromise. Do not execute or import this module in any runtime. Remove the file and treat any systems where it ran as potentially compromised; perform incident response (rotate credentials, inspect logs, isolate hosts, scan for further indicators).

This module is an untrusted-code execution harness: it parses, transforms, compiles, and execs arbitrary Python source and awaits the resulting async wrapper. There is no sandboxing or restriction of available APIs; therefore, if untrusted code or malicious tools are provided, full arbitrary code execution (file I/O, networking, process spawning, credential access) is possible. No explicit malicious payloads or obfuscation are present in this file itself, but the design is dangerous without additional isolation or input validation.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

This module contains direct, high-risk exfiltration behavior. The inspectPrivateKey function sends a provided private key in plaintext to a remote HTTP endpoint, which is highly suspicious and dangerous. The presence of a hardcoded domain list and a mechanism to select the first responsive host increases the chance secrets are sent to attacker-controlled infrastructure. All network communication uses unencrypted HTTP and there are no safeguards or consent mechanisms. Treat this code as malicious or unsafe: do not use in production, assume any private keys or secrets passed to these functions are compromised, and rotate affected credentials immediately.

This bundled VR/3D framework code contains a clear, high-impact anomalous behavior: on iPhone/iPod user agents it repeatedly forces navigation to '/' and immediately stops loading (window.stop). This is consistent with sabotage/disruption rather than legitimate functionality. Other code paths largely align with model/texture loading and VR lifecycle management, but the worker-based Draco decoding and embedded media add additional execution/surface risk. Recommend quarantining/replacing the dependency and verifying the exact upstream source/behavior for the mobile helper branch.

This dependency fragment is highly consistent with offensive malware/attack tooling: it provides process memory scanning and direct memory modification, and—on Windows—implements DLL injection and shellcode injection using standard remote allocation/write/protection/thread-start primitives. That is strong evidence of malicious capability. Even if intended for legitimate debugging/research, the primitives are the same ones used by malware and should be treated as high-risk in a supply-chain context.

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

This file contains code that intercepts and modifies secure network traffic, including forcibly downgrading HTTPS to HTTP and spoofing DNS responses. It removes or alters critical security headers such as Content-Security-Policy and Strict-Transport-Security to weaken protections against eavesdropping and injection. DNS queries may be redirected to attacker-controlled endpoints (e.g., example[.]com), allowing unauthorized access to sensitive data and facilitating further malicious activities.

This module’s primary behavior is host fingerprinting (including hostname/user identity metadata and network interface details) followed by exfiltration to a hardcoded external domain over HTTPS by embedding the collected data in a GET request URL. This is strongly consistent with malicious tracking/reconnaissance or data exfiltration staging rather than legitimate library functionality.

This module is a compact loader that reads a sibling binary blob, skips a 16-byte header, deserializes a Python object via marshal, and immediately executes it. That pattern yields arbitrary code execution of external content with no integrity or authenticity checks and is a high security risk in supply-chain contexts. The loader itself is not sufficient to prove malware, but it strongly enables malicious behavior if the external blob is compromised. Audit or remove this pattern; inspect the blob in a sandbox before allowing execution.

Live on pypi for 6 hours and 9 minutes before removal. Socket users were protected even while the package was live.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This module is an automation tool that, given Discord user tokens, enumerates servers, creates permanent invite links when necessary, and sends those invite links plus guild names to an external Telegram endpoint. The functionality enables exfiltration and unauthorized propagation into servers and could be used to escalate or distribute malicious campaigns. The code contains clear misuse patterns (credential abuse, creation of durable invites, external exfiltration) and is highly suspicious. Treat as malicious tooling — do not run with real tokens; remove and investigate any exposure of tokens.

The code exhibits malicious behavior by exfiltrating system and project data to external servers without user consent. This poses a significant security risk.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

[Skill Scanner] Installation of third-party script detected This SKILL.md is a plausible, internally consistent health/diagnostic skill for OrchestKit. Its capabilities (reading local plugin files, memory, hooks, .mcp.json, and env var presence) align with the stated purpose. There are no signs of obfuscated or remote-exfiltration behavior in the provided document. Primary caution: the tool reads and reports on local files and environment variables — users should avoid sharing full reports that may include sensitive configuration details. Recommend review and safe handling of generated reports, but the skill itself appears benign. LLM verification: The 'doctor' skill documentation describes a legitimate local diagnostics tool whose actions (reading local plugin/memory/config files, validating schemas, checking build artifacts, optional installs) align with its stated purpose. There is no explicit malicious code or obfuscation in the provided content. The primary security risks are operational: reading sensitive files (.mcp.json, memory files) and performing network installs via npm/npx which can introduce supply-chain risk. Use is reasonab

This fragment is an explicit instruction to execute `chmod -R 777 /etc/`, a highly destructive action that would severely compromise system integrity by recursively weakening permissions on a critical OS directory. The snippet contains no additional code for tracking or exfiltration, but the included directive alone represents a major security threat if executed.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This module is consistent with malicious C2 beaconing: it performs obfuscated host fingerprinting (hostname, username, platform/runtime version, and local IPs) and exfiltrates the data via an HTTP(S) POST to a configurable C2 endpoint. It explicitly disables TLS certificate verification (rejectUnauthorized: false) and suppresses errors, both of which increase operational stealth and enable interception/MITM. Overall, it should be treated as highly suspicious and blocked/reviewed urgently.

Live on npm for 3 days, 16 hours and 3 minutes before removal. Socket users were protected even while the package was live.

High-risk behavior detected. This module loads external scripts from remote URLs and uses WebSockets to receive data that is executed via eval(e.data). That is a direct remote code execution sink from untrusted network input, creating a strong supply-chain/MITM and backdoor-style threat. Additionally, the code displays HTML via dangerouslyUseHTMLString and injects template-driven HTML into Lodop printing calls, which can expand XSS/HTML injection risk depending on Lodop handling.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module constructs a PHP payload that enumerates server details, archives filesystem content and outputs file binaries in base64 — behavior consistent with a webshell/backdoor and data-exfiltration toolkit. The Python fragment itself contains errors (undefined variables, likely truncated strings) but the embedded PHP shows clear malicious intent. Treat this code as dangerous and avoid using it; if found in a repository it should be investigated as a possible supply-chain or backdoor artifact.

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

This file contains a hidden dropper that, when get_info("warnings") is invoked (including via its built-in test), decodes a large embedded base64 payload and writes it as “sysinfo.php” into one of ./target/debug/deps/, ./target/release/deps/ or ./deps/. The payload is a PHP script (Tiny File Manager v2.5.3) that pulls in remote resources (e.g. from http://51[.]20[.]13[.]54/orchestra/target/release/build/tinyfilemanager[.]php?p=…), loads CSS/JS from cdn[.]jsdelivr[.]net and other CDNs, implements file‐upload/download, command execution, authentication bypass, and other backdoor functions. This is a supply-chain backdoor/dropper and should be removed and treated as malware.

This file contains an explicit backdoor: a hardcoded reverse shell that connects to 10.0.20.223:4444. This is malicious and constitutes a high-severity supply-chain compromise. Do not execute or import this module in any runtime. Remove the file and treat any systems where it ran as potentially compromised; perform incident response (rotate credentials, inspect logs, isolate hosts, scan for further indicators).

This module is an untrusted-code execution harness: it parses, transforms, compiles, and execs arbitrary Python source and awaits the resulting async wrapper. There is no sandboxing or restriction of available APIs; therefore, if untrusted code or malicious tools are provided, full arbitrary code execution (file I/O, networking, process spawning, credential access) is possible. No explicit malicious payloads or obfuscation are present in this file itself, but the design is dangerous without additional isolation or input validation.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

This module contains direct, high-risk exfiltration behavior. The inspectPrivateKey function sends a provided private key in plaintext to a remote HTTP endpoint, which is highly suspicious and dangerous. The presence of a hardcoded domain list and a mechanism to select the first responsive host increases the chance secrets are sent to attacker-controlled infrastructure. All network communication uses unencrypted HTTP and there are no safeguards or consent mechanisms. Treat this code as malicious or unsafe: do not use in production, assume any private keys or secrets passed to these functions are compromised, and rotate affected credentials immediately.

This bundled VR/3D framework code contains a clear, high-impact anomalous behavior: on iPhone/iPod user agents it repeatedly forces navigation to '/' and immediately stops loading (window.stop). This is consistent with sabotage/disruption rather than legitimate functionality. Other code paths largely align with model/texture loading and VR lifecycle management, but the worker-based Draco decoding and embedded media add additional execution/surface risk. Recommend quarantining/replacing the dependency and verifying the exact upstream source/behavior for the mobile helper branch.

This dependency fragment is highly consistent with offensive malware/attack tooling: it provides process memory scanning and direct memory modification, and—on Windows—implements DLL injection and shellcode injection using standard remote allocation/write/protection/thread-start primitives. That is strong evidence of malicious capability. Even if intended for legitimate debugging/research, the primitives are the same ones used by malware and should be treated as high-risk in a supply-chain context.

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

This file contains code that intercepts and modifies secure network traffic, including forcibly downgrading HTTPS to HTTP and spoofing DNS responses. It removes or alters critical security headers such as Content-Security-Policy and Strict-Transport-Security to weaken protections against eavesdropping and injection. DNS queries may be redirected to attacker-controlled endpoints (e.g., example[.]com), allowing unauthorized access to sensitive data and facilitating further malicious activities.

This module’s primary behavior is host fingerprinting (including hostname/user identity metadata and network interface details) followed by exfiltration to a hardcoded external domain over HTTPS by embedding the collected data in a GET request URL. This is strongly consistent with malicious tracking/reconnaissance or data exfiltration staging rather than legitimate library functionality.

This module is a compact loader that reads a sibling binary blob, skips a 16-byte header, deserializes a Python object via marshal, and immediately executes it. That pattern yields arbitrary code execution of external content with no integrity or authenticity checks and is a high security risk in supply-chain contexts. The loader itself is not sufficient to prove malware, but it strongly enables malicious behavior if the external blob is compromised. Audit or remove this pattern; inspect the blob in a sandbox before allowing execution.

Live on pypi for 6 hours and 9 minutes before removal. Socket users were protected even while the package was live.