Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

falask

3.1.8.dev0

Removed from pypi

Blocked by Socket

The code contains a section that downloads and executes an external file from a base64 encoded URL without user consent. This behavior is highly indicative of malware, as it could lead to system compromise by executing arbitrary code.

Live on pypi for 1 day, 17 hours and 54 minutes before removal. Socket users were protected even while the package was live.

solana-pumpfun-sdk

1.5.2

by klaus237192

Live on npm

Blocked by Socket

This file contains a deliberately obfuscated backdoor that runs immediately on import. It enumerates common environment files in the project root (e.g., .env, .env.local, .env.production, .env.development, .env.example), reads them for assignments matching PRIVATE_KEY, SECRET_KEY, API_KEY, ACCESS_KEY, SECRET, and KEY, and extracts those values. Any discovered secrets are formatted into a Discord embed payload and exfiltrated via an HTTP POST to a hard-coded Discord webhook at https://discord[.]com/api[.]webhooks/1402204544502599790/3qeGdn-OqnBENWkYFWxdhV-KZVVvCzoI7ePCV7TP7o62EeMvwLyiUi1Pmui2MVZV2Zgp. This constitutes malicious credential harvesting and data exfiltration.

rknn-yolov8

8.2.82

Live on pypi

Blocked by Socket

The code is dataset utility code and not obviously malware, but it contains dangerous constructs that allow arbitrary code execution and shell command execution driven by dataset YAMLs or dataset-provided 'download' strings. This is a supply-chain / execution risk: if an attacker can provide or modify a dataset YAML or downloaded dataset that reaches these functions, they can run arbitrary Python or shell commands on the host. No clear credential harvesting or obfuscation present. I recommend treating datasets and their YAMLs as untrusted, removing exec()/os.system() on dataset-provided strings or performing strict validation/sandboxing before executing.

routerxpl

0.6.2

Live on pypi

Blocked by Socket

This code is a clearly weaponized network exploit module. It takes an attacker-supplied command and injects it into an HTTP POST form parameter using backtick syntax to induce remote command execution on targeted GPON home gateways, then fetches and prints command output (or notes blind execution). Even with potential runtime interruption due to a typo in check(), the fragment’s purpose and behavior are strongly malicious and highly risky in any software supply chain context.

ixpresso-core

1.0.2

by loltestpad

Live on npm

Blocked by Socket

This module is a strong Windows Chromium credential/data stealer. It recovers the browser master key via DPAPI (ProtectedData.Unprotect using PowerShell), decrypts AES-256-GCM “v10” records from local browser databases (Login Data, Cookies, Web Data), parses passwords/cookies/payment-card/autofill data, and returns the harvested secrets in-memory for downstream misuse. No benign purpose is apparent within this code fragment.

354766/sickn33/antigravity-awesome-skills/privilege-escalation-methods/

477fe1f066defa9a151619dd386f52ce75ed020d

Live on socket

Blocked by Socket

This skill is an explicit, actionable offensive playbook for privilege escalation on Linux, Windows, and Active Directory environments. It contains high-risk, runnable commands to obtain root/Administrator privileges, dump credentials, create persistence, and perform lateral movement. While such content can be legitimate for authorized red-team and pentesting use, the document's actionable nature (including commands that create setuid shells, fetch remote payloads, and dump NTDS) makes it inherently dangerous if used outside authorized, controlled engagements. Embedding this as an AI agent skill that can execute commands or install tools would be high risk — it facilitates credential harvesting, remote code execution, and domain compromise. Treat as high security risk and restrict execution to controlled, authorized environments with human oversight.

outwit.onehourappstore.loader

1.0.8

by Dmitry Ratner

Live on nuget

Blocked by Socket

This module contains functionality to perform in-memory process injection (process hollowing / reflective injection): it spawns a process, allocates memory in it, writes an image buffer into that memory, sets thread context, and resumes execution. The managed API ProcessManager.Run accepts a byte[] and triggers this native sequence. That capability is highly suspicious for a library dependency unless clearly documented and expected (e.g., a legitimate loader). Treat this as potentially malicious/supply-chain risk: if you do not expect or require in-memory process injection, do not use or include this package. If you must use it, isolate and audit the callers and ensure images are trusted and usage is legitimate.

routerxpl

0.9.0

Live on pypi

Blocked by Socket

This snippet is a clearly malicious exploit module: it fingerprints Netgear RAX30 via HTTP headers and, when matched, invokes a command-loop mechanism that stages/executes payloads using wget to /tmp, consistent with remote command execution. It also injects operator-supplied commands into an HTTP User-Agent header using backticks to trigger blind command injection on vulnerable devices. The code’s design and sinks make it a serious supply-chain security risk, even though a probable typo (return Fals) could affect runtime behavior in some environments.

request-forwarder-client

1.1.0

Live on pypi

Blocked by Socket

This code implements a remote command execution agent: it connects to an MQTT broker and executes received message payloads as shell commands. With default values (hardcoded broker IP and token) it can behave as a backdoor/C2 client. There is minimal sanitization and no authentication, making it highly dangerous in a supply-chain context. Treat as malicious/untrusted unless you control the broker, the deployment environment, and accept the severe risks. Immediate recommendation: do not install/run this package in production; require removal or heavy modification (authentication, command whitelisting, signing of messages, TLS with verification, removal of hardcoded defaults).

pojang-resorter

2.32.25

Removed from pypi

Blocked by Socket

This Python file is a launcher that executes an opaque, bundled Windows executable with suppressed output and provides decoy messages. The wrapper itself does not include network exfiltration or credential theft code, but it is a high-risk supply-chain component because it will run arbitrary native code without integrity checks or user confirmation. Treat the package as potentially dangerous until the bundled executable's provenance and runtime behavior are verified; assume a significant risk of malicious behavior if the binary is untrusted.

Live on pypi for 8 hours and 30 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

0.45.4

Live on pypi

Blocked by Socket

This file hides executable Python code in a base64+zlib blob and immediately executes it with exec. That pattern is high risk: it prevents code review and is frequently used for malicious purposes (backdoors, exfiltration, reverse shells). Treat the package as untrusted until the embedded payload is decoded and analyzed in a safe environment. Do not run this code in production.

github.com/sourcegraph/sourcegraph

v0.0.0-20210622211653-a7a1ad729f05

Live on go

Blocked by Socket

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

mtmai

0.3.1282

Removed from pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

Live on pypi for 1 day, 7 hours and 25 minutes before removal. Socket users were protected even while the package was live.

yulk

0.0.17

Live on pypi

Blocked by Socket

This module contains high-risk patterns consistent with a supply-chain/backdoor capability: it fetches and executes remote Python code and remote SQL without integrity checks, and it alters builtins globally. While the code as shown does not itself include an explicit exfiltration payload, its behavior enables arbitrary remote code execution and runtime takeover when the remote endpoints are controlled by an attacker. Do not use this package in trusted environments unless the remote sources are fully audited and cryptographically verified.

ailever

0.3.371

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

exelion

0.5.0

Removed from pypi

Blocked by Socket

This code is designed specifically to generate malicious XML payloads for XXE attacks, XML bombs, and SSRF exploitation. It provides ready-made attack templates that could lead to file system access, data theft, denial of service, and network reconnaissance. The code has no legitimate security testing context and appears intended for malicious use.

Live on pypi for 4 hours and 54 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v1.4.4-0.20160203115712-034d8933c0e1

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

plumo-verifier-web

1.8.9

by testto008

Removed from npm

Blocked by Socket

The script collects information like package name, directory path, home directory, hostname, username, DNS servers, and package.json data, and sends it to a remote server.

Live on npm for 13 hours and 34 minutes before removal. Socket users were protected even while the package was live.

pmagpy-cli

4.2.115

Live on pypi

Blocked by Socket

This script is high-risk. It performs destructive filesystem operations and executes external commands constructed directly from untrusted directory entries without any sanitization, quoting, or use of safe APIs. The primary threats are: command injection and shell interpretation of malicious filenames, path traversal allowing deletion or execution outside intended directories, arbitrary execution of attacker-controlled binaries (via '../command'+sample), and possible data exfiltration through upload_magic.py. Do not run this script in an untrusted environment or on sensitive hosts. Remediation: validate and canonicalize sample names, ensure entries are directories, avoid os.system with shell invocation — use subprocess.run with list args, use os.path.join and realpath checks, implement strict allow-lists, add error handling, and remove unconditional destructive rm commands or require explicit confirmation.

jupiter-i18n

9.999.0

by officeathand

Removed from npm

Blocked by Socket

The script is highly suspicious and likely malicious due to its data collection and transmission behavior. It is recommended not to use this script or the package it is part of without a thorough investigation and/or proper mitigation measures.

Live on npm for 20 days, 22 hours and 21 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
