Secure your dependencies. Ship with confidence.

This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.

The code exhibits suspicious behavior by collecting and transmitting sensitive information, including system details and command execution output, to an external server. This indicates potentially malicious intent, particularly given the use of a seemingly random external domain.

Live on npm for 28 days, 10 hours and 39 minutes before removal. Socket users were protected even while the package was live.

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.

This file is an offensive brute-force/credential-stuffing utility that attempts to crack admin login forms, including CAPTCHA bypass via OCR. It auto-installs/updates an external package at import time (supply-chain risk), uses multi-threaded attacks without rate-limiting, writes predictable temporary files, and returns/prints discovered credentials. The code is malicious in purpose and dangerous to run; do not execute it. Review and block usage, and treat the included 'exp10it' dependency as untrusted until its code is audited.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The script contains explicit destructive operations: it extracts a DB password from settings.py (and exposes it via the mysql CLI), enumerates tables and issues DROP TABLE statements, force-removes migration files from VCS and filesystem, and then runs make targets to reinitialize migrations. This is high-risk for data loss and credential exposure if run unintentionally or in a production environment. There is no evidence of covert data exfiltration or advanced obfuscation; it appears to be a maintenance/sanitization script but is dangerous and should not be run without careful verification of environment and backups.

This file contains a legitimate-sounding DICOM addin surface but also a large, intentionally-obfuscated native-code loader: it reads embedded data, decodes/decrypts it, allocates executable memory, writes the payload, and invokes it via function-pointer->delegate conversion. Those behaviors are strong indicators of a runtime code loader/shellcode injector inside an assembly. Even if used for benign plugin unpacking, the pattern is dangerous in libraries and is frequently abused in supply-chain and trojanized packages. I recommend treating this module as malicious or at minimum high risk: do not use it without further forensic review of the embedded payload bytes and provenance.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] Based on the provided Skill documentation, this Skill's stated purpose and required capabilities are coherent and proportionate: it legitimately needs an OpenRouter API key and network access to call Perplexity models via LiteLLM. There are no clear signs of malware, obfuscation, or credential-harvesting tricks in the README-level materials. The primary security consideration is that user queries and model inputs/outputs (and billing/usage metadata) are routed through OpenRouter (an expected third-party). Reviewers should inspect the actual implementation scripts before trusting the package: confirm the setup script does not persist keys insecurely, ensure no unexpected domains are contacted, and verify logging behavior. Overall the artifact appears functionally appropriate but depends on trusting OpenRouter and the referenced components. LLM verification: The provided SKILL.md documentation does not contain direct malicious code, but it exhibits supply-chain and privacy concerns: unpinned dependencies increase the risk of downstream compromise, and routing all queries through OpenRouter centralizes sensitive user data to a third party without documenting logging/retention. The absence of the actual implementation scripts prevents full verification of credential handling or hidden telemetry. Before use, obtain and audit the referenced scripts, pin

This setup.py contains a concealed executable payload: an encrypted code blob and its decryption key embedded in the source, which is decrypted and executed during installation on Windows via exec(). The behavior is consistent with a malicious supply-chain/backdoor/typosquatting attempt. Do not install this package in production or untrusted environments. If investigation is required, extract and decrypt the payload only in an isolated, offline sandbox and analyze the decrypted code and any network indicators. The package should be considered high-risk and likely malicious.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The script downloads a file from a remote server. The URL appears to be suspicious and could potentially lead to the execution of malicious code.

Live on npm for 15 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This file performs direct data exfiltration: it runs a shell command to list /opt and posts the output and timestamp to a hardcoded external host. This behavior is malicious or highly suspicious in the context of a dependency/library. Do not run or include this code in production. Treat the package as compromised: remove, block network access, and investigate repository history and publisher. If present in a codebase, perform a full audit for other occurrences and rotate any exposed secrets on affected systems.

The code pattern enables arbitrary code execution from command-line input, representing a severe security risk and potential backdoor behavior if used in a library. Immediate actions include removing or sandboxing exec, restricting input, and auditing for unintended exposure of globals. This sketch is not safe for public or untrusted environments.

This file is high-risk. It hides executable logic in a compressed+encoded blob and executes it immediately with exec(), which defeats code review and enables arbitrary behavior at import time. Treat this package as untrusted until the embedded payload is decompressed and audited. If you cannot obtain clear, auditable source from the maintainer, do not install or run this package in production or on sensitive hosts.

Live on PyPI for 4 days, 2 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code is intended to start a local server for development or testing purposes. There is potential risk if the binaries that are executed are not from a trusted source or if they have been tampered with. However, without further evidence of malicious intent or behavior in the actual binaries being executed, it is not possible to conclude definitively that this code contains malware.

The module acts as a local HTTP agent/relay that collects user_key and client IPs, calls local services, and regularly posts aggregated 'online_user_list' and related metadata to a hard-coded remote domain using an embedded API key. Even though no interactive shell or destructive code is obvious in the readable portions, the automatic exfiltration behavior (periodic heartbeat plus proxied remote calls) and hard-coded credentials/endpoints are characteristic of a backdoor/telemetry agent. Treat this package as suspicious: do not run in trusted environments until provenance is validated, remote endpoints and the embedded API_KEY are audited, and the garbled/corrupted file content is resolved to a clean source for full review.

This module is a remote-controlled Instagram automation/bot that uses supplied credentials to perform follow actions directed by an external server. It is designed to abuse Instagram accounts (automated following) and operate persistently. The code shows multiple malicious/abusive indicators: contact to a C2-like domain ('evil' in name), hardcoded/stale header and cookie artifacts, randomized header values to evade detection, and indefinite looping with no safe controls. While it does not explicitly exfiltrate plaintext credentials to the remote host in the visible code, it enables the remote host to drive authenticated actions and therefore facilitates account abuse and potential escrow of account control. Do not run this code with real credentials; it likely violates platform terms and poses high security risk to accounts using it.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module is explicitly designed to build and install a 'Rogue Agent' APK on Android devices connected via adb and to start it using multiple intent methods. The code actively writes an APK to disk and executes adb commands to install and run it — behavior that compromises connected devices. The fragment itself does not show obfuscation, but its purpose is offensive/malicious unless used in an authorized testing context. Because the agent contents (build_agent) are not shown, additional malicious capabilities could exist inside the APK. Use of this code on devices without explicit owner consent is a clear security threat.

This setup.py contains a high-risk backdoor pattern: it will unconditionally load and execute code from a bundled zip file (zip.zip) during package installation. That behavior enables arbitrary code execution in the installer's context and is a clear supply-chain risk. If zip.zip contains malicious payloads, they will run automatically. Avoid installing this package or inspect the contents of zip.zip before running installation. The file itself does not show explicit theft or exfiltration, but the pattern is sufficient to consider the package unsafe.

Live on PyPI for 6 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

This source contains highly suspicious and likely malicious loader/unpacker logic embedded alongside DataAccessLayer code. The obfuscated class performs resource extraction, cryptographic decoding, allocates executable memory, writes native code, resolves function pointers and invokes them, plus inspects process modules/versions for conditional behavior. These are strong indicators of a runtime payload loader/backdoor (supply-chain style). Treat this package as compromised and avoid use until the code is fully deobfuscated and provenance verified.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).

This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.

The code exhibits suspicious behavior by collecting and transmitting sensitive information, including system details and command execution output, to an external server. This indicates potentially malicious intent, particularly given the use of a seemingly random external domain.

Live on npm for 28 days, 10 hours and 39 minutes before removal. Socket users were protected even while the package was live.

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.

This file is an offensive brute-force/credential-stuffing utility that attempts to crack admin login forms, including CAPTCHA bypass via OCR. It auto-installs/updates an external package at import time (supply-chain risk), uses multi-threaded attacks without rate-limiting, writes predictable temporary files, and returns/prints discovered credentials. The code is malicious in purpose and dangerous to run; do not execute it. Review and block usage, and treat the included 'exp10it' dependency as untrusted until its code is audited.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

The script contains explicit destructive operations: it extracts a DB password from settings.py (and exposes it via the mysql CLI), enumerates tables and issues DROP TABLE statements, force-removes migration files from VCS and filesystem, and then runs make targets to reinitialize migrations. This is high-risk for data loss and credential exposure if run unintentionally or in a production environment. There is no evidence of covert data exfiltration or advanced obfuscation; it appears to be a maintenance/sanitization script but is dangerous and should not be run without careful verification of environment and backups.

This file contains a legitimate-sounding DICOM addin surface but also a large, intentionally-obfuscated native-code loader: it reads embedded data, decodes/decrypts it, allocates executable memory, writes the payload, and invokes it via function-pointer->delegate conversion. Those behaviors are strong indicators of a runtime code loader/shellcode injector inside an assembly. Even if used for benign plugin unpacking, the pattern is dangerous in libraries and is frequently abused in supply-chain and trojanized packages. I recommend treating this module as malicious or at minimum high risk: do not use it without further forensic review of the embedded payload bytes and provenance.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] Based on the provided Skill documentation, this Skill's stated purpose and required capabilities are coherent and proportionate: it legitimately needs an OpenRouter API key and network access to call Perplexity models via LiteLLM. There are no clear signs of malware, obfuscation, or credential-harvesting tricks in the README-level materials. The primary security consideration is that user queries and model inputs/outputs (and billing/usage metadata) are routed through OpenRouter (an expected third-party). Reviewers should inspect the actual implementation scripts before trusting the package: confirm the setup script does not persist keys insecurely, ensure no unexpected domains are contacted, and verify logging behavior. Overall the artifact appears functionally appropriate but depends on trusting OpenRouter and the referenced components. LLM verification: The provided SKILL.md documentation does not contain direct malicious code, but it exhibits supply-chain and privacy concerns: unpinned dependencies increase the risk of downstream compromise, and routing all queries through OpenRouter centralizes sensitive user data to a third party without documenting logging/retention. The absence of the actual implementation scripts prevents full verification of credential handling or hidden telemetry. Before use, obtain and audit the referenced scripts, pin

This setup.py contains a concealed executable payload: an encrypted code blob and its decryption key embedded in the source, which is decrypted and executed during installation on Windows via exec(). The behavior is consistent with a malicious supply-chain/backdoor/typosquatting attempt. Do not install this package in production or untrusted environments. If investigation is required, extract and decrypt the payload only in an isolated, offline sandbox and analyze the decrypted code and any network indicators. The package should be considered high-risk and likely malicious.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

The script downloads a file from a remote server. The URL appears to be suspicious and could potentially lead to the execution of malicious code.

Live on npm for 15 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This file performs direct data exfiltration: it runs a shell command to list /opt and posts the output and timestamp to a hardcoded external host. This behavior is malicious or highly suspicious in the context of a dependency/library. Do not run or include this code in production. Treat the package as compromised: remove, block network access, and investigate repository history and publisher. If present in a codebase, perform a full audit for other occurrences and rotate any exposed secrets on affected systems.

The code pattern enables arbitrary code execution from command-line input, representing a severe security risk and potential backdoor behavior if used in a library. Immediate actions include removing or sandboxing exec, restricting input, and auditing for unintended exposure of globals. This sketch is not safe for public or untrusted environments.

This file is high-risk. It hides executable logic in a compressed+encoded blob and executes it immediately with exec(), which defeats code review and enables arbitrary behavior at import time. Treat this package as untrusted until the embedded payload is decompressed and audited. If you cannot obtain clear, auditable source from the maintainer, do not install or run this package in production or on sensitive hosts.

Live on PyPI for 4 days, 2 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

The code is intended to start a local server for development or testing purposes. There is potential risk if the binaries that are executed are not from a trusted source or if they have been tampered with. However, without further evidence of malicious intent or behavior in the actual binaries being executed, it is not possible to conclude definitively that this code contains malware.

The module acts as a local HTTP agent/relay that collects user_key and client IPs, calls local services, and regularly posts aggregated 'online_user_list' and related metadata to a hard-coded remote domain using an embedded API key. Even though no interactive shell or destructive code is obvious in the readable portions, the automatic exfiltration behavior (periodic heartbeat plus proxied remote calls) and hard-coded credentials/endpoints are characteristic of a backdoor/telemetry agent. Treat this package as suspicious: do not run in trusted environments until provenance is validated, remote endpoints and the embedded API_KEY are audited, and the garbled/corrupted file content is resolved to a clean source for full review.

This module is a remote-controlled Instagram automation/bot that uses supplied credentials to perform follow actions directed by an external server. It is designed to abuse Instagram accounts (automated following) and operate persistently. The code shows multiple malicious/abusive indicators: contact to a C2-like domain ('evil' in name), hardcoded/stale header and cookie artifacts, randomized header values to evade detection, and indefinite looping with no safe controls. While it does not explicitly exfiltrate plaintext credentials to the remote host in the visible code, it enables the remote host to drive authenticated actions and therefore facilitates account abuse and potential escrow of account control. Do not run this code with real credentials; it likely violates platform terms and poses high security risk to accounts using it.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This module is explicitly designed to build and install a 'Rogue Agent' APK on Android devices connected via adb and to start it using multiple intent methods. The code actively writes an APK to disk and executes adb commands to install and run it — behavior that compromises connected devices. The fragment itself does not show obfuscation, but its purpose is offensive/malicious unless used in an authorized testing context. Because the agent contents (build_agent) are not shown, additional malicious capabilities could exist inside the APK. Use of this code on devices without explicit owner consent is a clear security threat.

This setup.py contains a high-risk backdoor pattern: it will unconditionally load and execute code from a bundled zip file (zip.zip) during package installation. That behavior enables arbitrary code execution in the installer's context and is a clear supply-chain risk. If zip.zip contains malicious payloads, they will run automatically. Avoid installing this package or inspect the contents of zip.zip before running installation. The file itself does not show explicit theft or exfiltration, but the pattern is sufficient to consider the package unsafe.

Live on PyPI for 6 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This script is exfiltrating sensitive system information to a remote server without the user's consent. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

This source contains highly suspicious and likely malicious loader/unpacker logic embedded alongside DataAccessLayer code. The obfuscated class performs resource extraction, cryptographic decoding, allocates executable memory, writes native code, resolves function pointers and invokes them, plus inspects process modules/versions for conditional behavior. These are strong indicators of a runtime payload loader/backdoor (supply-chain style). Treat this package as compromised and avoid use until the code is fully deobfuscated and provenance verified.

This module implements privileged node and device management and exposes HTTP endpoints that accept user input used directly in shell commands and Docker operations. Main risks: command injection (unsanitized string interpolation into shell commands and os.popen), destructive device operations (partitioning, bind/unbind), supplying arbitrary images to be pulled and run as privileged containers, and use of an unencrypted/unprotected Docker TCP socket (tcp://...:2375). I assess this as not manifestly malware but a high-risk administrative component that must be strictly access-controlled and hardened (validate/sanitize inputs, avoid passing raw user values into shell/Docker operations, use secure Docker API access, avoid exposing endpoints publicly).