Secure your dependencies. Ship with confidence.

There is no clear evidence of deliberately malicious code in this file, but it contains multiple high-risk patterns that can easily be abused: executing arbitrary AI-generated shell commands with shell=True, missing safety checks (is_command_safe imported but unused), excessive automatic retries, and inconsistent API key handling. These make the module a significant security risk in practice and susceptible to supply-chain or AI-manipulation attacks. Treat this package as potentially dangerous until proper validation, confirmation, and sandboxing are implemented.

Live on pypi for 3 hours and 44 minutes before removal. Socket users were protected even while the package was live.

This module is a highly suspicious supply-chain component because it functions as a bidirectional remote shell bridge: it spawns an interactive PTY shell locally, injects base64-decoded remote input into the shell’s stdin, and exfiltrates stdout/stderr back to the remote WebSocket controller. The token in the WebSocket URL and the automatic 'claude' keystroke further align with remote-access/backdoor tooling rather than a benign library.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

This file intentionally conceals executable code using base64 + zlib and executes it at import-time with exec(), which is a high-risk, opaque pattern. Static review of this module cannot determine actual behavior until the blob is decoded. Treat this package as suspicious: do not run in trusted environments, decode the payload in an isolated sandbox for full inspection, and prefer packages with transparent, reviewable source. Even if the current payload is benign, the pattern poses a notable supply-chain risk.

Live on pypi for 4 days, 13 hours and 51 minutes before removal. Socket users were protected even while the package was live.

The script collects information like hostname, platform, user info, and current working directory, then sends it as base64-encoded JSON to a remote server.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates potentially malicious behavior through dynamic command execution, extensive data manipulation, and reliance on unpredictable values. The usage of 'Math.random()' and 'Date.now()' for cryptographic operations could introduce vulnerabilities. The code poses a significant security risk and should be further investigated for potential malicious intent.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

This module contains behavior that exfiltrates the wallet private key to an external service (facilitator.latinum.ai) via the collect_and_send_wallet_log call. That is a critical security issue for any wallet software: it permits remote control or theft of funds. Other network operations (posting signed transactions, sending public key and user metadata) are present and increase the privacy risk. There is no obfuscation, and the code otherwise uses standard libraries. Treat this package as high-risk: do not use it with real funds or keys and remove/disable any code paths that transmit private keys externally.

The script is designed to send the current user's username to a remote server, which is a clear indication of malicious behavior and data exfiltration.

Live on npm for 7 days, 21 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This fragment contains a high-risk supply-chain pattern: on Linux it downloads an executable from a public GitHub raw URL and executes it (subprocess.Popen), then routes HTTP requests through the resulting local proxy. That external binary’s behavior is not verifiable from this code, making sabotage/backdoor/proxy abuse plausible. Additional concerns include disabling TLS verification (verify=False) and saving files derived from remote URLs. Overall, treat this dependency/execution step as requiring strong scrutiny (pinning, signature verification, and sandboxing) before use.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This script executes a destructive rm -rf on /var/lib/sing-box. It poses a high security risk because it will irreversibly delete data and potentially break services. Without contextual justification (uninstall script run deliberately by an admin) treat it as malicious or at minimum unsafe to run. Recommend blocking or reviewing the intent, preserving backups, and not executing this script in production.

This file is a reverse-shell payload generator and listener launcher. It is high risk: it facilitates building and launching remote shells and starting a privileged netcat listener. The current fragment contains many syntax errors (likely corrupted or incomplete), but intent is clear. Treat this as malicious-capable tooling (dual-use at best). If found in a dependency, remove or quarantine and perform full repository audit. Do not execute this code on production or untrusted hosts.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The wrapper module is primarily a code-generation/mutation harness that writes Python modules into a provided directory and simulates git history. Although most generated business/data logic looks benign, it plants a critical malicious primitive: a churnapp config loader version that uses eval(f.read()) on configuration file contents, enabling arbitrary code execution if that loader is used with attacker-controlled config/path (or via CONFIG_PATH). This makes the overall supply-chain risk high even without visible network exfiltration or direct runtime malware in the provided fragment.

This code implements malicious-capability behavior: it modifies a reverse-shell payload and injects it into an arbitrary local process using pyrasite, then accepts and communicates with the resulting reverse connection. The code is a tool for remote code execution/backdoor functionality and poses a high supply-chain and local-privilege risk if used without explicit authorization. It is not obfuscated, but it intentionally hides the temporary payload by deleting it after injection. Use of this module should be restricted to trusted debugging contexts and otherwise treated as high-risk/untrusted.

The Temps Platform Setup skill provides a coherent workflow for deploying and managing a self-hosted platform, including remote install from a public URL and extensive credential requirements for providers and TLS. However, the combination of a download-execute install pattern from a remote URL, high-privilege credentials (GitHub, Cloudflare, DNS keys), and storage of secrets in CLI config paths creates meaningful supply-chain and credential-exposure risks. While the described functions align with a legitimate platform deployment tool, the installation method and broad credential surface warrant heightened scrutiny and defense-in-depth controls (signed installer, pinning, minimal scope tokens, encryption-at-rest, audit logging, and avoiding plaintext credential exposure in logs or histories). Overall risk is elevated (suspicious-to-high) due to download-execute patterns and credential exposure potential, though not definitively malicious in intent as described.

This file is largely composed of legitimate open-source libraries (jQuery, CryptoJS, SweetAlert2, bootstrap-notify). However, it contains a suspicious and malicious-looking injection: a conditional block that, when the user's locale is Russian and the host matches Russian TLDs, with 10% probability injects a DIV containing political messaging and an embedded YouTube iframe into document.body. This behavior is unrelated to the libraries' normal functionality and represents a targeted content-injection/backdoor or unwanted advertisement/easter-egg. I recommend not using this bundled file and replacing it with clean, official builds of the libraries from trusted sources. If you maintain a supply chain, investigate how this code was introduced (supply-chain compromise or malicious publisher addition).

The code is malicious and designed to steal Discord authentication tokens and user information from the user's local system. It accesses local storage directories associated with Discord and various web browsers to extract stored tokens from leveldb files. The extracted tokens are then used to retrieve additional user data from the Discord API, such as usernames, email addresses, phone numbers, and billing information. The collected information, including tokens and personal data, is sent to an external server via a hardcoded Discord webhook URL (e.g., https://discord[.]com/api/webhooks/...). This unauthorized data access and exfiltration pose a significant security risk, potentially allowing attackers to hijack user accounts and access sensitive information.

Live on npm for 4 hours and 35 minutes before removal. Socket users were protected even while the package was live.

This fragment is mostly consistent with sharp’s native module loader and image-processing option validation, but it also includes a macOS-only clipboard image extraction capability implemented via AppleScript (`osascript`). It reads user clipboard PNG data, writes it to `/tmp`, reads it back into memory, deletes the file, and returns the clipboard image bytes to the caller—an inherently privacy-sensitive behavior that can enable clipboard harvesting. No network exfiltration is shown in the provided code, so maliciousness depends on how the returned data is used by the importing application, but the capability itself is a significant security concern.

This module is a high-risk remote execution agent. Untrusted server-provided messages directly drive `bash -c` execution, arbitrary filesystem read/write, and SCP-based file transfer, and it exfiltrates stdout/stderr and file contents back to the server. The lack of allowlisting or input constraints makes it dangerous in a supply-chain context unless the server and message sources are tightly controlled.

There is no clear evidence of deliberately malicious code in this file, but it contains multiple high-risk patterns that can easily be abused: executing arbitrary AI-generated shell commands with shell=True, missing safety checks (is_command_safe imported but unused), excessive automatic retries, and inconsistent API key handling. These make the module a significant security risk in practice and susceptible to supply-chain or AI-manipulation attacks. Treat this package as potentially dangerous until proper validation, confirmation, and sandboxing are implemented.

Live on pypi for 3 hours and 44 minutes before removal. Socket users were protected even while the package was live.

This module is a highly suspicious supply-chain component because it functions as a bidirectional remote shell bridge: it spawns an interactive PTY shell locally, injects base64-decoded remote input into the shell’s stdin, and exfiltrates stdout/stderr back to the remote WebSocket controller. The token in the WebSocket URL and the automatic 'claude' keystroke further align with remote-access/backdoor tooling rather than a benign library.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 1 hour and 7 minutes before removal. Socket users were protected even while the package was live.

This file intentionally conceals executable code using base64 + zlib and executes it at import-time with exec(), which is a high-risk, opaque pattern. Static review of this module cannot determine actual behavior until the blob is decoded. Treat this package as suspicious: do not run in trusted environments, decode the payload in an isolated sandbox for full inspection, and prefer packages with transparent, reviewable source. Even if the current payload is benign, the pattern poses a notable supply-chain risk.

Live on pypi for 4 days, 13 hours and 51 minutes before removal. Socket users were protected even while the package was live.

The script collects information like hostname, platform, user info, and current working directory, then sends it as base64-encoded JSON to a remote server.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

The code demonstrates potentially malicious behavior through dynamic command execution, extensive data manipulation, and reliance on unpredictable values. The usage of 'Math.random()' and 'Date.now()' for cryptographic operations could introduce vulnerabilities. The code poses a significant security risk and should be further investigated for potential malicious intent.

Live on npm for 35 minutes before removal. Socket users were protected even while the package was live.

This module contains behavior that exfiltrates the wallet private key to an external service (facilitator.latinum.ai) via the collect_and_send_wallet_log call. That is a critical security issue for any wallet software: it permits remote control or theft of funds. Other network operations (posting signed transactions, sending public key and user metadata) are present and increase the privacy risk. There is no obfuscation, and the code otherwise uses standard libraries. Treat this package as high-risk: do not use it with real funds or keys and remove/disable any code paths that transmit private keys externally.

The script is designed to send the current user's username to a remote server, which is a clear indication of malicious behavior and data exfiltration.

Live on npm for 7 days, 21 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This fragment contains a high-risk supply-chain pattern: on Linux it downloads an executable from a public GitHub raw URL and executes it (subprocess.Popen), then routes HTTP requests through the resulting local proxy. That external binary’s behavior is not verifiable from this code, making sabotage/backdoor/proxy abuse plausible. Additional concerns include disabling TLS verification (verify=False) and saving files derived from remote URLs. Overall, treat this dependency/execution step as requiring strong scrutiny (pinning, signature verification, and sandboxing) before use.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This script executes a destructive rm -rf on /var/lib/sing-box. It poses a high security risk because it will irreversibly delete data and potentially break services. Without contextual justification (uninstall script run deliberately by an admin) treat it as malicious or at minimum unsafe to run. Recommend blocking or reviewing the intent, preserving backups, and not executing this script in production.

This file is a reverse-shell payload generator and listener launcher. It is high risk: it facilitates building and launching remote shells and starting a privileged netcat listener. The current fragment contains many syntax errors (likely corrupted or incomplete), but intent is clear. Treat this as malicious-capable tooling (dual-use at best). If found in a dependency, remove or quarantine and perform full repository audit. Do not execute this code on production or untrusted hosts.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The wrapper module is primarily a code-generation/mutation harness that writes Python modules into a provided directory and simulates git history. Although most generated business/data logic looks benign, it plants a critical malicious primitive: a churnapp config loader version that uses eval(f.read()) on configuration file contents, enabling arbitrary code execution if that loader is used with attacker-controlled config/path (or via CONFIG_PATH). This makes the overall supply-chain risk high even without visible network exfiltration or direct runtime malware in the provided fragment.

This code implements malicious-capability behavior: it modifies a reverse-shell payload and injects it into an arbitrary local process using pyrasite, then accepts and communicates with the resulting reverse connection. The code is a tool for remote code execution/backdoor functionality and poses a high supply-chain and local-privilege risk if used without explicit authorization. It is not obfuscated, but it intentionally hides the temporary payload by deleting it after injection. Use of this module should be restricted to trusted debugging contexts and otherwise treated as high-risk/untrusted.

The Temps Platform Setup skill provides a coherent workflow for deploying and managing a self-hosted platform, including remote install from a public URL and extensive credential requirements for providers and TLS. However, the combination of a download-execute install pattern from a remote URL, high-privilege credentials (GitHub, Cloudflare, DNS keys), and storage of secrets in CLI config paths creates meaningful supply-chain and credential-exposure risks. While the described functions align with a legitimate platform deployment tool, the installation method and broad credential surface warrant heightened scrutiny and defense-in-depth controls (signed installer, pinning, minimal scope tokens, encryption-at-rest, audit logging, and avoiding plaintext credential exposure in logs or histories). Overall risk is elevated (suspicious-to-high) due to download-execute patterns and credential exposure potential, though not definitively malicious in intent as described.

This file is largely composed of legitimate open-source libraries (jQuery, CryptoJS, SweetAlert2, bootstrap-notify). However, it contains a suspicious and malicious-looking injection: a conditional block that, when the user's locale is Russian and the host matches Russian TLDs, with 10% probability injects a DIV containing political messaging and an embedded YouTube iframe into document.body. This behavior is unrelated to the libraries' normal functionality and represents a targeted content-injection/backdoor or unwanted advertisement/easter-egg. I recommend not using this bundled file and replacing it with clean, official builds of the libraries from trusted sources. If you maintain a supply chain, investigate how this code was introduced (supply-chain compromise or malicious publisher addition).

The code is malicious and designed to steal Discord authentication tokens and user information from the user's local system. It accesses local storage directories associated with Discord and various web browsers to extract stored tokens from leveldb files. The extracted tokens are then used to retrieve additional user data from the Discord API, such as usernames, email addresses, phone numbers, and billing information. The collected information, including tokens and personal data, is sent to an external server via a hardcoded Discord webhook URL (e.g., https://discord[.]com/api/webhooks/...). This unauthorized data access and exfiltration pose a significant security risk, potentially allowing attackers to hijack user accounts and access sensitive information.

Live on npm for 4 hours and 35 minutes before removal. Socket users were protected even while the package was live.

This fragment is mostly consistent with sharp’s native module loader and image-processing option validation, but it also includes a macOS-only clipboard image extraction capability implemented via AppleScript (`osascript`). It reads user clipboard PNG data, writes it to `/tmp`, reads it back into memory, deletes the file, and returns the clipboard image bytes to the caller—an inherently privacy-sensitive behavior that can enable clipboard harvesting. No network exfiltration is shown in the provided code, so maliciousness depends on how the returned data is used by the importing application, but the capability itself is a significant security concern.

This module is a high-risk remote execution agent. Untrusted server-provided messages directly drive `bash -c` execution, arbitrary filesystem read/write, and SCP-based file transfer, and it exfiltrates stdout/stderr and file contents back to the server. The lack of allowlisting or input constraints makes it dangerous in a supply-chain context unless the server and message sources are tightly controlled.