Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery

timmywil published 4.0.0

left-pad

stevemao published 1.3.0

react

react-bot published 19.2.5

We protect you from vulnerable and malicious packages

stripe-sample-accept-a-card-payment

0.0.1-security

by npm

Live on npm

Blocked by Socket

The package posed a significant security risk due to the presence of malicious code, prompting its removal from the npm registry.

com.airbnb.viaduct:runtime

0.22.0

Live on maven

Blocked by Socket

The code implements remote dynamic class loading and execution via network fetch and reflection. While such a mechanism can be legitimate for plugin ecosystems, it introduces a clear remote-code-execution risk in supply-chain contexts. It should be treated as high-risk for unauthenticated payload loading and require strong controls: TLS, payload signing/verification, strict allowlists, sandboxing, and minimum privileges. If kept, ensure robust auditing and runtime protections.

sbcli-dev

3.8.35

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

ailever

0.3.161

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

machineconfig

2.98

Live on pypi

Blocked by Socket

This file is not actively malicious: it only prints user-facing installation instructions and platform info and contains no code that performs network access, command execution, or data exfiltration. However it is syntactically and functionally broken and includes shell commands that, if executed by a user, would add a third-party apt repository and install software (a supply-chain risk). There are no hardcoded credentials or direct evidence of backdoors in this fragment. Recommend treating the printed install commands with caution and verifying binaries and repository provenance before following them.

sbcli-main-db

1.0.2

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

util-hj3415

0.6.1

Removed from pypi

Blocked by Socket

This module contains legitimate-notification functions but embeds multiple hardcoded sensitive credentials (Gmail account + app password, several Telegram bot tokens and chat id). That presents a significant supply-chain and credential-exposure risk: if the repository or package is public or reused, attackers can abuse those credentials. I find no clear active malware (no remote shells, no obfuscated payloads, no dynamic code execution), but the hardcoded secrets make this package dangerous to publish or reuse without remediation.

Live on pypi for 112 days, 21 hours and 11 minutes before removal. Socket users were protected even while the package was live.

uxpin-merge-ms-fabric

2.0.1000

Removed from npm

Blocked by Socket

The source code is designed to collect various pieces of system information and send them to a remote server. The code is heavily obfuscated, which is a common tactic to hide malicious behavior. The behavior of collecting and transmitting system data without user consent indicates a high likelihood of malicious intent.

Live on npm for 1 hour and 27 minutes before removal. Socket users were protected even while the package was live.

@arkecosystem/platform-sdk-nano

4.1.10

by faustbrian

Live on npm

Blocked by Socket

The code contains a clear backdoor-like pattern: a hardcoded private key used to sign and broadcast Nano transactions, coupled with static wallet metadata. If this function is reachable at runtime, it enables unauthorized transactions and poses a significant security risk in any supply-chain context. The presence of NotImplemented stubs does not mitigate the primary risk; remediation requires removing hardcoded secrets, deriving keys securely, validating inputs, and implementing secure signing flows with proper user authorization.

elf-stats-whimsical-rocket-922

1.0.1

Live on npm

Blocked by Socket

The install script packages the machine's /opt directory and uploads it to an external URL during installation. This is explicit, high-confidence malicious behavior (unauthorized data exfiltration). Installing this package would leak potentially sensitive files to a remote server.

smartchart

7.3.2

Removed from pypi

Blocked by Socket

The code embeds multi-stage payloads using Base64+LZMA, executed at import time, to install a Django AppConfig.ready() hook that enforces a brittle anti-tamper check (len(echart/views.py) == 18337) and then recursively compiles every Python source file to bytecode and deletes the originals. Errors are suppressed, and a remote activation endpoint is present for “pro” gating. This combination of hidden execution, anti-analysis, and destructive file operations constitutes high-risk supply-chain malware.

Live on pypi for 2 days, 17 hours and 7 minutes before removal. Socket users were protected even while the package was live.

bane

3.2.0

Live on pypi

Blocked by Socket

This module is an explicit offensive tool for launching network denial-of-service and reflection/amplification attacks across many protocols. It includes raw packet crafting and IP spoofing, amplification vectors, proxy/Tor support, and Cloudflare bypass logic. The code is malicious by purpose and should be considered unsafe and illegal to use in most contexts. It represents a high security risk and a supply-chain risk due to external dependencies. Do not run or include this in any production or shared codebase.

fsd

0.1.601

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 4 hours and 43 minutes before removal. Socket users were protected even while the package was live.

linkedin-checkout

999.9.9

by amigomioteconsidero28

Removed from npm

Blocked by Socket

The code is designed to exfiltrate system information by sending it to an external domain via DNS queries. This is a clear indication of malicious behavior, as it involves unauthorized data transmission without user consent.

Live on npm for 1 hour and 41 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1554

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

ailever

0.1.161

Live on pypi

Blocked by Socket

The code introduces a high-risk pattern: it downloads and immediately executes arbitrary Python code from a remote repository based on user-supplied input, with no validation, authentication, or sandboxing. This constitutes a severe supply chain and remote code execution risk and should be avoided or restricted with strict whitelisting, integrity checks (e.g., code signing or hash verification), and safe execution environments.

exp10it

2.4.49

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

@graphql-hive/laboratory

0.1.4-alpha-20260415211142-a2abb6edc79048def570c0d651b0b4cae1f21d8a

by theguild-bot

Live on npm

Blocked by Socket

High security risk. The module includes an explicit arbitrary JavaScript execution mechanism for preflight scripts inside a Web Worker using `AsyncFunction` and `with(lab){...}` with attacker-controlled script text. Preflight scripts can mutate `env.variables` and construct `lab.request.headers`, which are returned to the main thread and merged into real GraphQL HTTP/WS requests. Additionally, the `share` URL import can inject crafted headers/variables/extensions into runtime, amplifying impact. Use only with strictly trusted preflight scripts and tightly controlled shared-link/import sources; otherwise, treat as unsafe.

354766/inference-sh-7/skills/product-hunt-launch/

6d75bbd92f43eb31cead0e6beb6b03f33296deaa

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

No evidence of malware or hidden backdoors in the provided skill documentation. The functionality (image generation, search, and launch guidance) is coherent with the stated purpose. The main security considerations are (1) installing a remote script via curl|sh — a standard supply-chain risk unless checksums are verified, and (2) user prompts/images/search queries being sent to the inference.sh ecosystem (data/privacy consideration). Recommend users verify installer checksums before running, review the inference.sh privacy/data handling policy, and avoid sending sensitive secrets or proprietary images to the remote service.

LLM verification: The skill description is coherent with its stated purpose of Product Hunt launch optimization, but the embedded installation pattern (curl ... | sh) and reliance on external CLI binaries introduce supply-chain and execution risks that are not mitigated within the fragment. While the content itself is instructional for launch planning, the install/execution approach exposes users to potential code execution from untrusted sources. The documentation would be safer if it mandated verified, pinned i

123rf-ui-core

12.879.9

by whatever99

Removed from npm

Blocked by Socket

The script creates a reverse shell which connects to an external IP address, providing remote access to the user's system. Additionally, it sends data to an external server.

Live on npm for 16 hours and 46 minutes before removal. Socket users were protected even while the package was live.

@fdp-tools/eslint-formatter

0.0.14

by fdp-tools

Live on npm

Blocked by Socket

This script appears to be designed to exfiltrate user information by encoding it and sending it to a potentially malicious domain. This behavior is highly suspicious and poses a significant security risk.

cl-lite

1.0.1522

by michael_tian

Live on npm

Blocked by Socket

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
