Secure your dependencies. Ship with confidence.

This module is highly suspicious and likely malicious (web-shell/remote terminal behavior). It spawns detached system shells and executes attacker-controlled commands received from HTTP requests, then streams stdout/stderr back to clients via SSE. There are also remote kill/stop controls. Static file serving is secondary and guarded, but the remote command execution path is a critical red flag. Recommend immediate isolation, removal, and investigation of the npm package and its publish history.

The primary security risk stems from the use of `new Function()` and potentially `eval()` (via `l8.eval`) to execute dynamically generated code. If the input DSL code is not from a trusted source, an attacker can inject malicious JavaScript, leading to arbitrary code execution. This could result in data theft, system compromise, or other malicious activities. The complexity of the transpilation process adds a layer of obfuscation.

This code is a clear automation tool for bulk destructive actions against a Discord guild (mass messaging, mass channel creation/deletion, mass bans/kicks, pruning). While it does not contain classic persistence/backdoor/exfiltration code or obfuscated payloads, its purpose is abusive and it lacks safeguards (rate-limit handling, permission checks, logging, or consent checks). Using it with a valid bot token grants the ability to perform disruptive actions and will likely violate Discord's Terms of Service and may lead to account suspension or legal issues. Treat this as high-risk malicious tooling; do not run it in environments where you require security or compliance.

This bundled Next.js route module includes high-risk, runtime sidecar behavior: it uses `child_process.execSync` to probe a fixed port (`lsof -ti:3001`), modifies executable permissions on `node_modules/node-pty` helper binaries, and spawns a background PTY-related Node process (`helpers/pty-server.mjs`) bound to port 3001. Such process-spawning and PTY enablement from within a web route is strongly consistent with covert terminal/interactive service capabilities rather than normal application logic. While the rest of the file appears to be standard Next.js rendering/caching/tracing, the presence of the PTY startup routine is the dominant security concern and should be treated as a potential supply-chain/backdoor payload. Additional context (invocation conditions, authentication/authorization for the endpoint, and the contents of `helpers/pty-server.mjs`) is required to confirm malicious intent and exposure, but the execution primitives are materially suspicious.

The script is a minimal wrapper that unconditionally executes caller-provided content in a login shell via an unquoted here-document. This design enables arbitrary command execution and constitutes a significant supply-chain risk if used in build or deployment pipelines. It should be refactored to: validate inputs, implement a strict command whitelist, avoid executing raw arguments in a shell, or use a controlled interpreter/app-level executor with sandboxing and logging.

This code is a credential-harvesting utility specifically targeting Notion desktop client data. It reads local application files and uses platform secrets/APIs to decrypt and return authentication tokens and user IDs. While it does not exfiltrate data itself, it provides plaintext credentials to any caller and therefore poses a high risk if included in a package or executed in an untrusted context. Treat this module as malicious or at least highly sensitive: only run in trusted, controlled environments and review intent before use.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

The fragment is a verbose, step-by-step setup guide for integrating the Sentry OpenTelemetry Exporter with the OpenTelemetry Collector. Its stated purpose (configuring multi-project routing and automatic project creation to Sentry) is consistent with the content. The primary security considerations arise from: (a) download/install instructions that fetch binaries from external sources (GitHub) via curl, which, while standard for setup guides, present a supply-chain risk surface if misused or if endpoints are compromised; (b) the use of environment variable placeholders for credentials, which requires careful handling to avoid leakage; (c) the optional auto-creation of Sentry projects, which has organizational impact and requires proper permissions. There is no evidence of hardcoded secrets, covert data exfiltration, or malicious payloads within the artifact itself. Overall, this is a moderately risky setup guide rather than a malware-laden component. It should be treated as SUSPICIOUS with respect to supply-chain risk due to download-from-URL vectors and credential handling, but not malicious in intent given the documented purpose. If misused or run in untrusted contexts, it could lead to credential exposure or unintended project creation; ensure users follow best practices (validate sources, pin versions, avoid auto-run, keep credentials secure).

The code exhibits several behaviors that are commonly associated with malware, such as executing obfuscated commands, checking for virtual machine artifacts, and fetching the public IP address. These actions pose a significant security risk.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

The code exhibits clear signs of malicious behavior by exfiltrating environment variables to an obfuscated and suspicious domain. This poses a significant security risk due to the potential exposure of sensitive information.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

Security-critical findings in this module: (1) a hardcoded Authorization Bearer JWT is embedded in client-side code and used for privileged API calls, indicating credential leakage/possible malicious misuse; (2) server-provided textarea content is rendered via dangerouslySetInnerHTML without sanitization (DOM XSS sink); (3) BPMN overlay HTML is constructed as raw strings and injected via bpmn-js overlays (HTML injection sink). These issues collectively make the package high risk and unsuitable without remediation (remove hardcoded credentials, sanitize/escape all HTML insertion points, and restrict/validate any untrusted URLs and renderer HTML).

This module contains explicit remote code execution behavior and a persistent outbound controller channel. It writes arbitrary JavaScript payloads received over WebSocket to disk and require()s them, executing them within the host process. Combined with obfuscated string literals and an outbound connecting client to an obfuscated URL, this is a deliberate backdoor/supply-chain style implant. It is malicious and extremely dangerous in most contexts.

The fragment exhibits substantial obfuscation, remote license verification, and cryptographic key handling with potential for data leakage or covert behavior. While legitimate crypto tooling cannot be ruled out, the confluence of opaque strings, environment gating, and external license communication constitutes a significant supply-chain and runtime risk. Thorough provenance checks, un-obfuscated auditing, and offline testing are strongly recommended before integration.

This module is an explicitly offensive exploit tool for credential disclosure. It sends a crafted SOAP request to a router endpoint, extracts the returned `<NewUserpassword>` value from the untrusted HTTP response, and prints the recovered password. There is no meaningful obfuscation, but the direct credential harvesting and disclosure make it high risk for misuse in a supply-chain context.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This fragment implements deliberate sabotage of evaluation/verifier artifacts by overwriting hardcoded absolute paths under /logs and replacing /tests/test.sh with executable bash content, using environment.exec to perform shell-heredoc file writes and then reporting successful tampering in context.metadata. The behavior is strongly consistent with malicious or at minimum highly dangerous adversarial manipulation; the snippet also shows a possible truncation/typo at the metadata assignment end, but that does not change the clear file-tampering mechanism earlier.

On import this file collects detailed system information—OS name and version, machine architecture, hostname, local IP, public IP (via https://api[.]ipify[.]org), username and Python version—and immediately sends it to https://api[.]telegram[.]org/bot8053585122:AAGYVF0srARSIlKCmTK54WiIjWcFXpJXXVY/sendMessage (chat_id=-1002826139137). It then spawns a daemon thread that every 5 seconds polls https://api[.]telegram[.]org/bot8053585122:AAGYVF0srARSIlKCmTK54WiIjWcFXpJXXVY/getUpdates (using an offset file 'gramapi.offset') for incoming document messages. When a document is detected, the code downloads it via https://api[.]telegram[.]org/file/bot8053585122:AAGYVF0srARSIlKCmTK54WiIjWcFXpJXXVY/<file_path>, decodes it as UTF-8 Python source, and executes it with exec() while suppressing stdout/stderr. A shutdown notification is sent on exit via atexit. All exceptions are silently ignored to maintain stealth. This behavior enables covert data exfiltration and arbitrary code execution, representing a high-severity malware threat.

The code exhibits behavior typical of malware, including data exfiltration through DNS queries and DNS server manipulation. This poses a significant security risk.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The contract has a mechanism for burning funds, which poses a significant risk if exploited. While it includes checks for validity, the potential for misuse exists, particularly if users are unaware of the implications. Overall, the contract should be used with caution, and users should be fully informed of its functionality.

This package performs a classic supply-chain install-time dropper behavior: during installation, it invokes PowerShell to download a remote .vbs payload from a hardcoded external URL into the local TEMP directory and immediately executes it hidden, using execution-policy bypass and minimal user visibility. There are no integrity checks or safeguards. Treat as malicious and do not install/use.

Live on pypi for 2 days, 9 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This module behaves like a custom executable/loader framework: it accepts uploaded or remote .507ex payloads, extracts embedded content, and executes arbitrary shell commands from an embedded 'runfile' (and dependency metadata) using shell=True. It also unpacks zips via extractall() without visible zip-slip protections. While it includes a hash check and a secret_code gate for pulling, there is no execution safety/allowlisting, making it highly risky and strongly indicative of dropper/loader-style functionality that could be used maliciously.

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] No explicit malware found in the provided skill text. The main security concerns are supply-chain and data-exposure risks: (1) the recommended curl | sh installer pattern is unsafe unless the user independently verifies checksums; (2) the workflow may upload local LoRA files and images to a third-party inference service, exposing IP and prompts; (3) the skill grants broad Bash execution capabilities which are higher risk than the described purpose strictly requires. Overall this is operationally SUSPICIOUS — useful and coherent for the stated purpose but carries non-trivial supply-chain and data-exfiltration risks that require user caution and manual verification. LLM verification: This SKILL.md is consistent with its stated purpose (instructions for using inference.sh to create consistent character design sheets). The main supply-chain risk is the use of curl | sh to install the CLI and the fact that all prompts/images/credentials are routed to the inference.sh ecosystem — acceptable only if the user trusts that provider. There is no evidence of obfuscated or explicitly malicious code in the document itself. Recommend: avoid blindly piping installers to shell; verify chec

This module is highly suspicious and likely malicious (web-shell/remote terminal behavior). It spawns detached system shells and executes attacker-controlled commands received from HTTP requests, then streams stdout/stderr back to clients via SSE. There are also remote kill/stop controls. Static file serving is secondary and guarded, but the remote command execution path is a critical red flag. Recommend immediate isolation, removal, and investigation of the npm package and its publish history.

The primary security risk stems from the use of `new Function()` and potentially `eval()` (via `l8.eval`) to execute dynamically generated code. If the input DSL code is not from a trusted source, an attacker can inject malicious JavaScript, leading to arbitrary code execution. This could result in data theft, system compromise, or other malicious activities. The complexity of the transpilation process adds a layer of obfuscation.

This code is a clear automation tool for bulk destructive actions against a Discord guild (mass messaging, mass channel creation/deletion, mass bans/kicks, pruning). While it does not contain classic persistence/backdoor/exfiltration code or obfuscated payloads, its purpose is abusive and it lacks safeguards (rate-limit handling, permission checks, logging, or consent checks). Using it with a valid bot token grants the ability to perform disruptive actions and will likely violate Discord's Terms of Service and may lead to account suspension or legal issues. Treat this as high-risk malicious tooling; do not run it in environments where you require security or compliance.

This bundled Next.js route module includes high-risk, runtime sidecar behavior: it uses `child_process.execSync` to probe a fixed port (`lsof -ti:3001`), modifies executable permissions on `node_modules/node-pty` helper binaries, and spawns a background PTY-related Node process (`helpers/pty-server.mjs`) bound to port 3001. Such process-spawning and PTY enablement from within a web route is strongly consistent with covert terminal/interactive service capabilities rather than normal application logic. While the rest of the file appears to be standard Next.js rendering/caching/tracing, the presence of the PTY startup routine is the dominant security concern and should be treated as a potential supply-chain/backdoor payload. Additional context (invocation conditions, authentication/authorization for the endpoint, and the contents of `helpers/pty-server.mjs`) is required to confirm malicious intent and exposure, but the execution primitives are materially suspicious.

The script is a minimal wrapper that unconditionally executes caller-provided content in a login shell via an unquoted here-document. This design enables arbitrary command execution and constitutes a significant supply-chain risk if used in build or deployment pipelines. It should be refactored to: validate inputs, implement a strict command whitelist, avoid executing raw arguments in a shell, or use a controlled interpreter/app-level executor with sandboxing and logging.

This code is a credential-harvesting utility specifically targeting Notion desktop client data. It reads local application files and uses platform secrets/APIs to decrypt and return authentication tokens and user IDs. While it does not exfiltrate data itself, it provides plaintext credentials to any caller and therefore poses a high risk if included in a package or executed in an untrusted context. Treat this module as malicious or at least highly sensitive: only run in trusted, controlled environments and review intent before use.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

The fragment is a verbose, step-by-step setup guide for integrating the Sentry OpenTelemetry Exporter with the OpenTelemetry Collector. Its stated purpose (configuring multi-project routing and automatic project creation to Sentry) is consistent with the content. The primary security considerations arise from: (a) download/install instructions that fetch binaries from external sources (GitHub) via curl, which, while standard for setup guides, present a supply-chain risk surface if misused or if endpoints are compromised; (b) the use of environment variable placeholders for credentials, which requires careful handling to avoid leakage; (c) the optional auto-creation of Sentry projects, which has organizational impact and requires proper permissions. There is no evidence of hardcoded secrets, covert data exfiltration, or malicious payloads within the artifact itself. Overall, this is a moderately risky setup guide rather than a malware-laden component. It should be treated as SUSPICIOUS with respect to supply-chain risk due to download-from-URL vectors and credential handling, but not malicious in intent given the documented purpose. If misused or run in untrusted contexts, it could lead to credential exposure or unintended project creation; ensure users follow best practices (validate sources, pin versions, avoid auto-run, keep credentials secure).

The code exhibits several behaviors that are commonly associated with malware, such as executing obfuscated commands, checking for virtual machine artifacts, and fetching the public IP address. These actions pose a significant security risk.

Live on npm for 20 minutes before removal. Socket users were protected even while the package was live.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

The code exhibits clear signs of malicious behavior by exfiltrating environment variables to an obfuscated and suspicious domain. This poses a significant security risk due to the potential exposure of sensitive information.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

Security-critical findings in this module: (1) a hardcoded Authorization Bearer JWT is embedded in client-side code and used for privileged API calls, indicating credential leakage/possible malicious misuse; (2) server-provided textarea content is rendered via dangerouslySetInnerHTML without sanitization (DOM XSS sink); (3) BPMN overlay HTML is constructed as raw strings and injected via bpmn-js overlays (HTML injection sink). These issues collectively make the package high risk and unsuitable without remediation (remove hardcoded credentials, sanitize/escape all HTML insertion points, and restrict/validate any untrusted URLs and renderer HTML).

This module contains explicit remote code execution behavior and a persistent outbound controller channel. It writes arbitrary JavaScript payloads received over WebSocket to disk and require()s them, executing them within the host process. Combined with obfuscated string literals and an outbound connecting client to an obfuscated URL, this is a deliberate backdoor/supply-chain style implant. It is malicious and extremely dangerous in most contexts.

The fragment exhibits substantial obfuscation, remote license verification, and cryptographic key handling with potential for data leakage or covert behavior. While legitimate crypto tooling cannot be ruled out, the confluence of opaque strings, environment gating, and external license communication constitutes a significant supply-chain and runtime risk. Thorough provenance checks, un-obfuscated auditing, and offline testing are strongly recommended before integration.

This module is an explicitly offensive exploit tool for credential disclosure. It sends a crafted SOAP request to a router endpoint, extracts the returned `<NewUserpassword>` value from the untrusted HTTP response, and prints the recovered password. There is no meaningful obfuscation, but the direct credential harvesting and disclosure make it high risk for misuse in a supply-chain context.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 2 hours and 26 minutes before removal. Socket users were protected even while the package was live.

This fragment implements deliberate sabotage of evaluation/verifier artifacts by overwriting hardcoded absolute paths under /logs and replacing /tests/test.sh with executable bash content, using environment.exec to perform shell-heredoc file writes and then reporting successful tampering in context.metadata. The behavior is strongly consistent with malicious or at minimum highly dangerous adversarial manipulation; the snippet also shows a possible truncation/typo at the metadata assignment end, but that does not change the clear file-tampering mechanism earlier.

On import this file collects detailed system information—OS name and version, machine architecture, hostname, local IP, public IP (via https://api[.]ipify[.]org), username and Python version—and immediately sends it to https://api[.]telegram[.]org/bot8053585122:AAGYVF0srARSIlKCmTK54WiIjWcFXpJXXVY/sendMessage (chat_id=-1002826139137). It then spawns a daemon thread that every 5 seconds polls https://api[.]telegram[.]org/bot8053585122:AAGYVF0srARSIlKCmTK54WiIjWcFXpJXXVY/getUpdates (using an offset file 'gramapi.offset') for incoming document messages. When a document is detected, the code downloads it via https://api[.]telegram[.]org/file/bot8053585122:AAGYVF0srARSIlKCmTK54WiIjWcFXpJXXVY/<file_path>, decodes it as UTF-8 Python source, and executes it with exec() while suppressing stdout/stderr. A shutdown notification is sent on exit via atexit. All exceptions are silently ignored to maintain stealth. This behavior enables covert data exfiltration and arbitrary code execution, representing a high-severity malware threat.

The code exhibits behavior typical of malware, including data exfiltration through DNS queries and DNS server manipulation. This poses a significant security risk.

Live on npm for 5 minutes before removal. Socket users were protected even while the package was live.

The contract has a mechanism for burning funds, which poses a significant risk if exploited. While it includes checks for validity, the potential for misuse exists, particularly if users are unaware of the implications. Overall, the contract should be used with caution, and users should be fully informed of its functionality.

This package performs a classic supply-chain install-time dropper behavior: during installation, it invokes PowerShell to download a remote .vbs payload from a hardcoded external URL into the local TEMP directory and immediately executes it hidden, using execution-policy bypass and minimal user visibility. There are no integrity checks or safeguards. Treat as malicious and do not install/use.

Live on pypi for 2 days, 9 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This module behaves like a custom executable/loader framework: it accepts uploaded or remote .507ex payloads, extracts embedded content, and executes arbitrary shell commands from an embedded 'runfile' (and dependency metadata) using shell=True. It also unpacks zips via extractall() without visible zip-slip protections. While it includes a hash check and a secret_code gate for pulling, there is no execution safety/allowlisting, making it highly risky and strongly indicative of dropper/loader-style functionality that could be used maliciously.

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] No explicit malware found in the provided skill text. The main security concerns are supply-chain and data-exposure risks: (1) the recommended curl | sh installer pattern is unsafe unless the user independently verifies checksums; (2) the workflow may upload local LoRA files and images to a third-party inference service, exposing IP and prompts; (3) the skill grants broad Bash execution capabilities which are higher risk than the described purpose strictly requires. Overall this is operationally SUSPICIOUS — useful and coherent for the stated purpose but carries non-trivial supply-chain and data-exfiltration risks that require user caution and manual verification. LLM verification: This SKILL.md is consistent with its stated purpose (instructions for using inference.sh to create consistent character design sheets). The main supply-chain risk is the use of curl | sh to install the CLI and the fact that all prompts/images/credentials are routed to the inference.sh ecosystem — acceptable only if the user trusts that provider. There is no evidence of obfuscated or explicitly malicious code in the document itself. Recommend: avoid blindly piping installers to shell; verify chec