Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

github.com/weaveworks/weave

v1.8.2-0.20161125122826-33b7faa17da4

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

github.com/u-root/u-root

v0.0.0-20170914195931-684afd8f20b2

Live on go

Blocked by Socket

This codebase contains a serious supply-chain security threat: a complete, backdoor/persistence-like SSH setup routine that overwrites /etc/ssh/sshd_config and directly tampers with /etc/passwd and /etc/group to enable permissive root access, then injects an attacker-controlled public key into /root/.ssh/authorized_keys and starts sshd. Additionally, the setup() function performs suspicious symlink/runtime tampering of core binaries/loaders. Even though the SSH routine is disabled in this main() path, the presence of this fully implemented capability makes the package unacceptable without strong provenance controls and build-time validation.

i2x

0.0.2

Live on pypi

Blocked by Socket

This batch fragment performs immediate, irreversible filesystem deletions via wildcard file removal and a silent recursive directory deletion. The code is dangerous and should be treated as high risk. If found inside a package or repository, it is a critical red flag: require human review, provenance verification, and either remove or isolate the script. Absent strong justification and safeguards, do not execute.

ailever

0.2.52

Live on pypi

Blocked by Socket

The code introduces a high-risk pattern: it downloads and immediately executes arbitrary Python code from a remote repository based on user-supplied input, with no validation, authentication, or sandboxing. This constitutes a severe supply chain and remote code execution risk and should be avoided or restricted with strict whitelisting, integrity checks (e.g., code signing or hash verification), and safe execution environments.

gaeassetbundler

0.1.1dev

Live on pypi

Blocked by Socket

This setup script performs an unexpected, privileged, and persistent modification: it renames and replaces Google App Engine Launcher’s appcfg.py with a packaged script during package installation. This is a high-risk supply-chain behavior because it grants the package author the ability to control a widely-used CLI that developers will execute later, enabling credential harvesting, command interception, or arbitrary execution. Even if the replacement is benign, modifying unrelated application bundles without confirmation is unacceptable practice. Treat this package as untrusted unless the replacement script is audited and explicit user consent is obtained; do not run this installer on systems where the target path exists and the installer has write privileges.

@hantera/cli

20230820.2.0

by lindvall

Live on npm

Blocked by Socket

The code is a command-line interface for managing and deploying apps. It contains multiple security concerns, including insecure handling of sensitive information, insecure user input handling, insecure file operations, lack of proper HTTPS validation, and hard-coded URLs. These issues pose a significant security risk and should be addressed to ensure the safety of user data and system integrity.

node_resolve_index_4

1.6.6

by himmuhimmu797

Removed from npm

Blocked by Socket

The provided source code exhibits clear malicious behavior by exfiltrating sensitive system information to a suspicious external domain. This poses a significant security risk.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

routerxpl

0.8.0

Live on pypi

Blocked by Socket

This code is a purpose-built offensive exploitation module. It performs unauthenticated HTTP probing to obtain user-related information from a specific switch web endpoint and then attempts to create a new administrator account with privilege level 15 via a crafted HTTP POST using user-supplied (default-capable) credentials. No meaningful obfuscation is present; the primary risk is the explicit remote privilege-escalation capability embedded in the module.

uphold-sdk-javascript-extensions

1.0.0

by thefool1337

Live on npm

Blocked by Socket

The script collects sensitive information about the user and the system and sends it to a remote server, which is indicative of malicious behavior.

n8n-nodes-gg-udhasudsh-hgjkhg-official

0.0.43

by zabuza-momochi

Live on npm

Blocked by Socket

The fragment implements a geoSearchHandler which reads a location and customerId from inputs and calls a GoogleAdsClient to fetch geo target suggestions. The behavior seen is consistent with expected functionality. However, the code is heavily obfuscated and contains anti-analysis patterns, which increases supply-chain risk: obfuscation can be used to conceal malicious behavior elsewhere in the package. I find no explicit malicious actions in the presented fragment (no exec/eval, no hardcoded exfiltration endpoints), but because significant decoding logic and dynamic string resolution are present, the package should be treated with caution and the rest of the module (and the required GoogleAdsClient implementation) should be inspected. If this package is from an untrusted source or has changed recently, prefer a non-obfuscated, auditable implementation or pin to a known-good version.

react-prop-types-helper

1.0.4

by medaron2025

Live on npm

Blocked by Socket

The module’s getPlugin function constructs a URL to https://ip-api-check-nine[.]vercel[.]app/icons/{token}, sends an HTTP GET with header “bearrtoken: logo”, parses the response as JSON and immediately invokes eval() on it. There are no integrity checks, sandboxing or validation, and retry logic increases persistence. An attacker who controls the remote host, DNS, or intercepts the request can execute arbitrary JavaScript in the context of any process using this package. The setDefaultModule function similarly fetches JSON from CDN endpoints (e.g., https://cdnjs[.]cloudflare[.]com/ajax/libs/font-awesome/6.4.0/svgs/brands/{token}) without cryptographic verification, but the critical issue is the eval() on untrusted remote data, representing a backdoor-like, malicious supply-chain payload delivery mechanism.

clipcord

1.7.0

Removed from pypi

Blocked by Socket

This module is malicious. It is a Discord token stealer that harvests tokens from Discord app folders, Chromium-based browsers, environment variables and code files, validates those tokens via Discord's API to enrich them with user and billing data, collects system telemetry (including public IP and HWID), and exfiltrates the information to a hardcoded Discord webhook. It installs signal handlers to prevent termination and launches automatically on import (background thread), making it a supply-chain/backdoor-style threat if included as a dependency. Do not use this package; remove it from any environment where it has been installed and rotate any exposed Discord tokens and credentials.

Live on pypi for 5 hours and 51 minutes before removal. Socket users were protected even while the package was live.

github.com/bishopfox/sliver

v1.5.40-0.20240215234119-dc93d054a9e6

Live on go

Blocked by Socket

This file is the main agent for the Sliver implant (a remote access/C2 framework). It collects host metadata, establishes outbound C2 connections (beacon or session), accepts and executes remote tasks, and can open sessions/pivots/tunnels. That behavior is consistent with a malware/backdoor implant intended for remote control and data exfiltration. Treat this package as malicious in a defensive context and do not run it in production networks. Further review of the handlers, transports, and pivots modules is required to enumerate exact capabilities (command execution, file exfiltration, credential theft, etc.).

fray

3.5.100

Live on pypi

Blocked by Socket

This file is a concise offensive payload catalogue for probing and exploiting WordPress installations. It contains many high-risk payloads (LFI, SSRF, file-disclosure, XML-RPC brute-force examples, file upload endpoints, and references to known vulnerable plugin endpoints). The JSON is inert but would enable automated scanning or exploitation when consumed by tooling; therefore treat it as potentially malicious tooling and restrict use to authorized security testing environments. Review and defend targets against the enumerated techniques: disable unused endpoints (XML-RPC), protect backups and swap files from public access, harden upload handling, patch known vulnerable plugins (e.g., RevSlider), and monitor outbound requests to detect SSRF attempts.

@arkecosystem/platform-sdk-nano

6.0.27

by faustbrian

Live on npm

Blocked by Socket

The analyzed code embeds a hardcoded private key and static wallet metadata, enabling signing (and potential broadcasting) of Nano transactions from a wallet not controlled by the end user. This creates a severe backdoor-like risk in a supply-chain context: published code could sign and autorotate transfers without explicit user consent or proper key management. Immediate remediation is required: remove hardcoded credentials, derive keys from secure user-controlled wallets, enforce explicit user approval for transactions, validate all inputs, and complete or remove NotImplemented surfaces to avoid partial exposure. Final assessment: high security risk and malware potential due to embedded credentials and misuse potential.

vite-plugin-chunk-chop

2.0.5

by math4324

Live on npm

Blocked by Socket

This file implements a remote code execution backdoor that fetches malicious payloads from external servers and executes them with full system privileges. The malware contacts two domains: api[.]npoint[.]io/70723e3d02ad208c24f1 and json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML (using hardcoded API key ZIOBBPJ577T22HML). When either endpoint responds with a 'model' property, the malware executes the payload using new Function('require', payload)(require), granting the remote code full access to the Node.js environment including file system, network, and module loading capabilities. The backdoor includes persistence mechanisms that attempt execution even on failed requests if error responses contain the 'model' property. No input validation, sandboxing, or security controls are implemented, allowing complete system compromise if the remote endpoints are controlled by attackers.

fzutils

0.3.4.5

Live on pypi

Blocked by Socket

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

mona-manager-plugins-shared

99.11.18

by mtdev008742

Removed from npm

Blocked by Socket

The code exhibits behavior consistent with malicious activity, specifically data exfiltration to suspicious domains. It collects and sends sensitive system information without user consent, indicating a high security risk.

Live on npm for 5 days, 14 hours and 25 minutes before removal. Socket users were protected even while the package was live.

whisper-ai-zxs

0.1.9

Live on pypi

Blocked by Socket

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

354766/zhangdszq/vk-skills/baoyu-danger-gemini-web/

79b7ec0a9837a8667b74920bdc8e9937b54f888f

Live on socket

Blocked by Socket

[Skill Scanner] Backtick command substitution detected (AITech 9.1.4) [CI003]

fiinquant

0.11.14

Live on pypi

Blocked by Socket

This file contains obfuscated code that uses a combination of base64 encoding, zlib compression, and string reversal to hide its payload before executing it using exec(). This technique is commonly used in malware to evade detection and execute malicious code. The code's structure makes it impossible to determine the exact payload without decompressing and decoding it, but the deliberate obfuscation and unsafe use of exec() with encoded data indicates malicious intent. This pattern poses a significant security risk as it could execute arbitrary code with the same privileges as the running Python process.

wci-blueprint

1.0.7

by cenfun

Removed from npm

Blocked by Socket

The code exhibits several suspicious behaviors, such as large encoded strings, custom deserialization logic, and DOM manipulation via innerHTML. These patterns could potentially be used for malicious purposes, including code injection or data leakage. However, without further context or analysis of the encoded data, a definitive conclusion on malicious intent cannot be reached.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

@yesdgq/claude-buddy

1.1.17

Live on npm

Blocked by Socket

The obfuscated fragment demonstrates high-risk behavior: dynamic, runtime-crafted module loading; spawning a separate Node process with inherited environment; and signal/exit handling designed to influence host process termination. While a benign use-case cannot be ruled out, the combination of obfuscation, environment propagation, and controlled process spawn is a strong indicator of potential backdoor or hidden payload activity within a supply chain. A thorough sanitization, deobfuscation, and runtime audit are strongly advised before integrating or trusting this code.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
