Secure your dependencies. Ship with confidence.

The code is highly suspicious and likely malicious. It uploads user file data to an external, suspicious domain without user consent, constituting data theft. The lack of obfuscation indicates the code is deliberately transparent but malicious. This represents a serious security risk and should be treated as malware.

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

This package executes code during install (preinstall and postinstall). The most significant risks come from (1) running npm update during preinstall which can change installed versions unexpectedly, and (2) broad overrides/resolutions that redirect puppeteer/puppeteer-core to a specific package (brave-real-puppeteer-core@latest) for all consumers — a powerful supply-chain mechanism that could be abused. The postinstall local script must be audited for malicious behavior. Overall this setup increases supply-chain risk and the chance of executing untrusted or updated code during installation.

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

The code is configured to collect sensitive user data and maintain persistence, which could be used maliciously if the full logic were implemented. The absence of actual data extraction or network communication logic in the provided code does not negate the potential for misuse.

Live on pypi for 17 hours and 1 minute before removal. Socket users were protected even while the package was live.

This file creates a persistent reverse shell connection to example[.]com on port 43197, allowing remote command execution and potential data exfiltration. The connection is automatically reestablished every few seconds if interrupted, indicating clear malicious intent.

This module is a strong orchestrator for Monero (XMR) crypto-mining: it auto-starts a Controller, hardcodes an XMR pool, and explicitly loads a miner component via loadMiner('cirlagnbyqzhkxmu'). It also exposes a network web server that leaks internal system/performance data (GET /status) and provides a remote settings endpoint (POST /settings) that passes unvalidated request bodies into _controller.updateSettings, enabling remote behavioral control depending on Controller implementation. While direct malware functions beyond mining are not shown here (they are in unseen code), the security posture is highly suspicious and presents a clear risk of unauthorized mining and misconfiguration via remote inputs.

Live on npm for 4 days, 22 hours and 53 minutes before removal. Socket users were protected even while the package was live.

The code shows definitive high-risk patterns resembling a backdoor or supply-chain manipulation toolkit: self-modifying source, hard-coded credentials, credential storage, and automated packaging/publishing steps driven by runtime conditions. These behaviors could enable persistence, exfiltration, or unauthorized releases if embedded in a package or CI/CD pipeline. Immediate remediation includes removing self-modifying operations, eliminating credential writes, hardening packaging steps, and ensuring sandboxed, auditable build processes.

This module is a utility to create an isolated build/install environment and to invoke pip to install requirements there. There is no direct evidence of intentionally malicious code (no obfuscated payloads, credential exfiltration, or hardcoded C2 endpoints). The primary risks are standard supply-chain hazards: installing untrusted packages via pip (which can execute arbitrary install/build code), writing and enabling a sitecustomize.py in the temp site (a privileged place to affect interpreter behavior), and constructing pip arguments from PackageFinder inputs (which can redirect installs to attacker-controlled indexes or links). The excerpt contains a likely bug (textwrap.dedent() called with no string) suggesting truncated or edited source. Recommend: treat inputs (requirements, PackageFinder) as untrusted, validate/lock indexes and find-links, and review any generated sitecustomize.py and installed package code during use.

This module is a credential/session-theft mechanism: it programmatically retrieves the Chrome Safe Storage decryption secret from macOS Keychain, decrypts targeted LinkedIn cookies from the user’s local Chrome Cookies SQLite database, and returns plaintext session identifiers to the caller. The behavior is intentionally specific to authenticated LinkedIn artifacts and is consistent with enabling account/session compromise. This fragment alone does not show where the returned values are sent, but the extraction/decryption workflow is unequivocally malicious in intent.

This is a high-risk, malicious drain routine that automates on-chain transfers from a target wallet to a fixed owner using WalletConnect approvals and a locally stored private key. The design enables fund leakage post-approval and should be treated as malware. Removal from any dependency and thorough security auditing are advised; if encountered in a repository, discontinue use and report for review.

This module contains a high-risk backdoor: it fetches JavaScript from a hard-coded remote URL (obscured with base64) and immediately evals the returned 'content' field. That gives the remote server the ability to execute arbitrary code in any environment that imports this module. This is strongly malicious/supply-chain sabotage and the package should be treated as compromised and removed from use.

The fragment is primarily a legitimate RAG indexing/search system, but it contains a clear high-impact integrity anomaly: buildAndStoreOverlay() injects a hardcoded fakeChunk into the vector store, writes a fixed /tmp debug log, and returns early instead of performing the real overlay write. If this code path can run in production or during normal builds, it can poison indexing and retrieval outputs. Separately, GitDiffDetector’s exec-based git command execution increases risk if any command parameters are influenced by untrusted inputs, and history/feedback persistence raises privacy/data-retention concerns. Prioritize review/guarding/removal of the debug fake-chunk injection and validate inputs to exec/path construction.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] BENIGN. The skill fragment is coherent with its stated purpose (expert TAURI 2.0 app development guidance). It demonstrates typical, legitimate capabilities (IPC, file dialogs, FS access, state management, plugins, security capabilities) and uses standard sources of truth (official TAURI APIs, Cargo/npm tooling). Data flows and permissions are aligned with a desktop app scenario and do not indicate credential harvesting, covert data exfiltration, or other malicious behaviors. The footprint is proportionate to the described guidance skill; no suspicious install sources or hidden data flows are evident. LLM verification: The skill fragment is benign and coherent with its stated purpose as a development and security guidance document for Tauri app creation. There are no actionable credentials, no hidden network calls, and no data exfiltration behavior embedded in the provided content. The few scanner findings appear to be documentation phrasing (e.g., template strings, environment placeholders) rather than executable code or dangerous instructions. Overall, the piece is appropriate for its intended use as an inst

This file is an interactive controller for an offensive network toolkit. It exposes multiple high-risk capabilities (MITM: ARP/DNS/DHCP spoofing and DNS redirect/script injection; active packet sniffing; Denial-of-Service attacks; brute-force and exploit interfaces), plus arbitrary shell execution via os.system(self.command) and system-level network configuration changes. It's not obfuscated, but it is inherently dangerous: it provides explicit attack functionality and should not be installed or executed on systems where misuse is possible or without explicit authorization and code review of the dependent modules. Audit all pythem.modules.* referenced here before use.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This file contains a high-risk and likely malicious implant: a steganographic decoder that reconstructs JavaScript from image pixel data and executes it immediately via the Function constructor exposed as window.main(img). Treat this as a supply-chain backdoor and remove/restore from trusted sources. Do not call window.main or allow untrusted images to be passed to it. Perform forensic investigation (package origin, VCS history, distribution channel) and rotate any credentials/tokens that may have been exposed to environments where this code ran.

The provided fragment is a highly obfuscated JavaScript staging/loader-like stub that repeatedly reconstructs hidden strings at runtime (percent-encoding + decodeURIComponent) and performs behavior through computed/indirect calls guarded by anti-analysis loops. The operational payload is not visible due to truncation, so specific malicious outcomes cannot be confirmed here; however, the structure is strongly consistent with supply-chain loader malware. Treat the dependency as high risk and obtain/deobfuscate the complete file for dynamic tracing of any decoded calls (network, filesystem, process spawning, or dynamic code execution).

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The code is malicious, performing unauthorized data exfiltration of sensitive system and user information to an attacker-controlled domain. It poses a high security risk and should be considered malware. The code is not obfuscated but deliberately hides errors to avoid detection.

Live on npm for 6 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates strong supply-chain manipulation intent by injecting and patching the local setuptools/distribute installation, spoofing version metadata, and persisting changes via a .pth and PKG-INFO modifications, then relaunching to solidify the altered state. This could undermine packaging integrity and enable persistent, wide-reaching control over Python environments. The current snippet shows a syntax risk that would need correction before runtime evaluation, but the behavioral signals indicate high risk if executed in a real environment.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

This is a high-risk, malicious drain routine that automates on-chain transfers from a target wallet to a fixed owner using WalletConnect approvals and a locally stored private key. The design enables fund leakage post-approval and should be treated as malware. Removal from any dependency and thorough security auditing are advised; if encountered in a repository, discontinue use and report for review.

This bundled Next.js route module includes high-risk, runtime sidecar behavior: it uses `child_process.execSync` to probe a fixed port (`lsof -ti:3001`), modifies executable permissions on `node_modules/node-pty` helper binaries, and spawns a background PTY-related Node process (`helpers/pty-server.mjs`) bound to port 3001. Such process-spawning and PTY enablement from within a web route is strongly consistent with covert terminal/interactive service capabilities rather than normal application logic. While the rest of the file appears to be standard Next.js rendering/caching/tracing, the presence of the PTY startup routine is the dominant security concern and should be treated as a potential supply-chain/backdoor payload. Additional context (invocation conditions, authentication/authorization for the endpoint, and the contents of `helpers/pty-server.mjs`) is required to confirm malicious intent and exposure, but the execution primitives are materially suspicious.

The code is highly suspicious and likely malicious. It uploads user file data to an external, suspicious domain without user consent, constituting data theft. The lack of obfuscation indicates the code is deliberately transparent but malicious. This represents a serious security risk and should be treated as malware.

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

This package executes code during install (preinstall and postinstall). The most significant risks come from (1) running npm update during preinstall which can change installed versions unexpectedly, and (2) broad overrides/resolutions that redirect puppeteer/puppeteer-core to a specific package (brave-real-puppeteer-core@latest) for all consumers — a powerful supply-chain mechanism that could be abused. The postinstall local script must be audited for malicious behavior. Overall this setup increases supply-chain risk and the chance of executing untrusted or updated code during installation.

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

The code is configured to collect sensitive user data and maintain persistence, which could be used maliciously if the full logic were implemented. The absence of actual data extraction or network communication logic in the provided code does not negate the potential for misuse.

Live on pypi for 17 hours and 1 minute before removal. Socket users were protected even while the package was live.

This file creates a persistent reverse shell connection to example[.]com on port 43197, allowing remote command execution and potential data exfiltration. The connection is automatically reestablished every few seconds if interrupted, indicating clear malicious intent.

This module is a strong orchestrator for Monero (XMR) crypto-mining: it auto-starts a Controller, hardcodes an XMR pool, and explicitly loads a miner component via loadMiner('cirlagnbyqzhkxmu'). It also exposes a network web server that leaks internal system/performance data (GET /status) and provides a remote settings endpoint (POST /settings) that passes unvalidated request bodies into _controller.updateSettings, enabling remote behavioral control depending on Controller implementation. While direct malware functions beyond mining are not shown here (they are in unseen code), the security posture is highly suspicious and presents a clear risk of unauthorized mining and misconfiguration via remote inputs.

Live on npm for 4 days, 22 hours and 53 minutes before removal. Socket users were protected even while the package was live.

The code shows definitive high-risk patterns resembling a backdoor or supply-chain manipulation toolkit: self-modifying source, hard-coded credentials, credential storage, and automated packaging/publishing steps driven by runtime conditions. These behaviors could enable persistence, exfiltration, or unauthorized releases if embedded in a package or CI/CD pipeline. Immediate remediation includes removing self-modifying operations, eliminating credential writes, hardening packaging steps, and ensuring sandboxed, auditable build processes.

This module is a utility to create an isolated build/install environment and to invoke pip to install requirements there. There is no direct evidence of intentionally malicious code (no obfuscated payloads, credential exfiltration, or hardcoded C2 endpoints). The primary risks are standard supply-chain hazards: installing untrusted packages via pip (which can execute arbitrary install/build code), writing and enabling a sitecustomize.py in the temp site (a privileged place to affect interpreter behavior), and constructing pip arguments from PackageFinder inputs (which can redirect installs to attacker-controlled indexes or links). The excerpt contains a likely bug (textwrap.dedent() called with no string) suggesting truncated or edited source. Recommend: treat inputs (requirements, PackageFinder) as untrusted, validate/lock indexes and find-links, and review any generated sitecustomize.py and installed package code during use.

This module is a credential/session-theft mechanism: it programmatically retrieves the Chrome Safe Storage decryption secret from macOS Keychain, decrypts targeted LinkedIn cookies from the user’s local Chrome Cookies SQLite database, and returns plaintext session identifiers to the caller. The behavior is intentionally specific to authenticated LinkedIn artifacts and is consistent with enabling account/session compromise. This fragment alone does not show where the returned values are sent, but the extraction/decryption workflow is unequivocally malicious in intent.

This is a high-risk, malicious drain routine that automates on-chain transfers from a target wallet to a fixed owner using WalletConnect approvals and a locally stored private key. The design enables fund leakage post-approval and should be treated as malware. Removal from any dependency and thorough security auditing are advised; if encountered in a repository, discontinue use and report for review.

This module contains a high-risk backdoor: it fetches JavaScript from a hard-coded remote URL (obscured with base64) and immediately evals the returned 'content' field. That gives the remote server the ability to execute arbitrary code in any environment that imports this module. This is strongly malicious/supply-chain sabotage and the package should be treated as compromised and removed from use.

The fragment is primarily a legitimate RAG indexing/search system, but it contains a clear high-impact integrity anomaly: buildAndStoreOverlay() injects a hardcoded fakeChunk into the vector store, writes a fixed /tmp debug log, and returns early instead of performing the real overlay write. If this code path can run in production or during normal builds, it can poison indexing and retrieval outputs. Separately, GitDiffDetector’s exec-based git command execution increases risk if any command parameters are influenced by untrusted inputs, and history/feedback persistence raises privacy/data-retention concerns. Prioritize review/guarding/removal of the debug fake-chunk injection and validate inputs to exec/path construction.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [CRITICAL] command_injection: Instruction directing agent to run/execute external content (CI011) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] BENIGN. The skill fragment is coherent with its stated purpose (expert TAURI 2.0 app development guidance). It demonstrates typical, legitimate capabilities (IPC, file dialogs, FS access, state management, plugins, security capabilities) and uses standard sources of truth (official TAURI APIs, Cargo/npm tooling). Data flows and permissions are aligned with a desktop app scenario and do not indicate credential harvesting, covert data exfiltration, or other malicious behaviors. The footprint is proportionate to the described guidance skill; no suspicious install sources or hidden data flows are evident. LLM verification: The skill fragment is benign and coherent with its stated purpose as a development and security guidance document for Tauri app creation. There are no actionable credentials, no hidden network calls, and no data exfiltration behavior embedded in the provided content. The few scanner findings appear to be documentation phrasing (e.g., template strings, environment placeholders) rather than executable code or dangerous instructions. Overall, the piece is appropriate for its intended use as an inst

This file is an interactive controller for an offensive network toolkit. It exposes multiple high-risk capabilities (MITM: ARP/DNS/DHCP spoofing and DNS redirect/script injection; active packet sniffing; Denial-of-Service attacks; brute-force and exploit interfaces), plus arbitrary shell execution via os.system(self.command) and system-level network configuration changes. It's not obfuscated, but it is inherently dangerous: it provides explicit attack functionality and should not be installed or executed on systems where misuse is possible or without explicit authorization and code review of the dependent modules. Audit all pythem.modules.* referenced here before use.

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

This file contains a high-risk and likely malicious implant: a steganographic decoder that reconstructs JavaScript from image pixel data and executes it immediately via the Function constructor exposed as window.main(img). Treat this as a supply-chain backdoor and remove/restore from trusted sources. Do not call window.main or allow untrusted images to be passed to it. Perform forensic investigation (package origin, VCS history, distribution channel) and rotate any credentials/tokens that may have been exposed to environments where this code ran.

The provided fragment is a highly obfuscated JavaScript staging/loader-like stub that repeatedly reconstructs hidden strings at runtime (percent-encoding + decodeURIComponent) and performs behavior through computed/indirect calls guarded by anti-analysis loops. The operational payload is not visible due to truncation, so specific malicious outcomes cannot be confirmed here; however, the structure is strongly consistent with supply-chain loader malware. Treat the dependency as high risk and obtain/deobfuscate the complete file for dynamic tracing of any decoded calls (network, filesystem, process spawning, or dynamic code execution).

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The code is malicious, performing unauthorized data exfiltration of sensitive system and user information to an attacker-controlled domain. It poses a high security risk and should be considered malware. The code is not obfuscated but deliberately hides errors to avoid detection.

Live on npm for 6 hours and 13 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates strong supply-chain manipulation intent by injecting and patching the local setuptools/distribute installation, spoofing version metadata, and persisting changes via a .pth and PKG-INFO modifications, then relaunching to solidify the altered state. This could undermine packaging integrity and enable persistent, wide-reaching control over Python environments. The current snippet shows a syntax risk that would need correction before runtime evaluation, but the behavioral signals indicate high risk if executed in a real environment.

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

This is a high-risk, malicious drain routine that automates on-chain transfers from a target wallet to a fixed owner using WalletConnect approvals and a locally stored private key. The design enables fund leakage post-approval and should be treated as malware. Removal from any dependency and thorough security auditing are advised; if encountered in a repository, discontinue use and report for review.

This bundled Next.js route module includes high-risk, runtime sidecar behavior: it uses `child_process.execSync` to probe a fixed port (`lsof -ti:3001`), modifies executable permissions on `node_modules/node-pty` helper binaries, and spawns a background PTY-related Node process (`helpers/pty-server.mjs`) bound to port 3001. Such process-spawning and PTY enablement from within a web route is strongly consistent with covert terminal/interactive service capabilities rather than normal application logic. While the rest of the file appears to be standard Next.js rendering/caching/tracing, the presence of the PTY startup routine is the dominant security concern and should be treated as a potential supply-chain/backdoor payload. Additional context (invocation conditions, authentication/authorization for the endpoint, and the contents of `helpers/pty-server.mjs`) is required to confirm malicious intent and exposure, but the execution primitives are materially suspicious.