Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

cl-lite

1.0.955

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

@retail-core/rds

1.0.4

by retail-core

Live on npm

Blocked by Socket

The file collects host system details (hostname via os.hostname(), current user and UID via os.userInfo(), Windows admin status via child_process.execSync('net session') and domain info via systeminfo), then disables TLS certificate validation by setting process.env['NODE_TLS_REJECT_UNAUTHORIZED']=0. It builds and sends an HTTPS GET request containing the username, admin status, hostname and __dirname to a suspicious endpoint at eewq2suvescxne0e5cdqgj6nnet5hu[.]oastify[.]com, indicating unauthorized data exfiltration and malicious intent.

sl-abuse

1.4.5

Live on pypi

Blocked by Socket

This file implements straightforward data exfiltration: it solicits arbitrary input and forwards it to a fixed external WhatsApp number using hardcoded Twilio credentials. That combination constitutes a high security risk — credentials should be treated as compromised, rotated immediately, and removed from source control. The code should not be executed. There is no complex obfuscation or advanced malware behavior, but the practical effect is malicious (unauthorized data transmission and credential leakage). Remediation: remove credentials, use secure secret storage, require explicit destination confirmation, add input validation/consent and logging, and avoid os.system calls.

ws-api-typescript-infra

0.0.0

by dorem

Removed from npm

Blocked by Socket

The code exhibits behavior consistent with malicious activity, specifically data exfiltration via DNS queries.

Live on npm for 5 days, 3 hours and 41 minutes before removal. Socket users were protected even while the package was live.

package-inherit

0.1.4

by smaroop

Removed from npm

Blocked by Socket

The code is engaging in potentially malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. The domain used is suspicious, indicating a high risk of data theft.

Live on npm for 8 days, 6 hours and 50 minutes before removal. Socket users were protected even while the package was live.

354766/inference-sh-9/skills/youtube-thumbnail-design/

f0e401f3b2a695ebbbdc7720b8a3c495713e2d0c

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

This skill/instruction doc appears functionally legitimate and aligned with its stated purpose (YouTube thumbnail design using a remote inference CLI). However, it contains moderately high supply-chain risk patterns: a curl|sh installer that downloads and executes a CLI from inference.sh/dist.inference.sh, plus examples that send prompts and (potentially) images and authentication tokens to a third-party service. There are no hardcoded secrets or obfuscated code in the provided text. Recommend treating the installer pattern as risky: prefer pinned, auditable installs (manual checksum verification before execution), clear documentation on where credentials go, and least-privilege CLI invocation. Overall: no clear malware, but medium-to-high supply-chain/security risk due to download-and-execute and credential/data-forwarding patterns.

LLM verification: The SKILL.md is a benign thumbnail-design guide but instructs users to install and use a third-party CLI via a pipe-to-shell pattern and to authenticate that CLI. The immediate risks are supply-chain and credential exposure: executing a remote install script and sending prompts/files/credentials to external inference endpoints. There is no embedded malware in the text itself, but the recommended operational flow is high-risk. Recommendation: do not execute the pipe-to-shell installer without ind

winsystemshell

0.0.1

Live on pypi

Blocked by Socket

This module implements a named-pipe remote shell: it creates named pipes with an 'Everyone' security descriptor, waits for client connections, redirects stdio to the pipes, and execs a shell (cmd.exe by default). That gives any connected client interactive command execution on the host with no authentication. This is functionally a backdoor/remote shell and poses a high security risk; treat as malicious or potentially dangerous unless you can verify intended, secure use and restrict access.

filecat

2.2.3

by xiaobaidadada

Live on npm

Blocked by Socket

The fragment appears to implement a browser-based remote session/control surface that captures user input and forwards it to a remote host, with session lifecycle management and remote-render updates. While such functionality can be legitimate for authorized remote-management tools, the pattern poses data-exposure and credential-usage risks, especially given localStorage-based tokens and heavy obfuscation. Key risk mitigations include strict authentication/authorization, encrypted transport, explicit user consent, minimal token exposure, auditable telemetry, and a security review of the remote endpoints and dynamic module loading paths. Overall, this is a medium-to-high risk component in a supply chain context if not clearly sanctioned and properly secured.

admin10001

1.0.311

by rank121

Removed from npm

Blocked by Socket

This preinstall script is explicitly malicious. It tries to steal AWS IAM credentials and environment details, probes for Docker socket access, and establishes a reverse shell to an attacker-controlled host. Do not install this package. If it was installed on any system, assume compromise: disconnect affected hosts, rotate any exposed credentials (IAM keys, tokens), revoke suspected sessions/keys, inspect for persistence or other malicious artifacts, and perform a full incident response.

Live on npm for 2 hours and 50 minutes before removal. Socket users were protected even while the package was live.

github.com/openshift/origin

v0.0.0-20251125041922-0fed5582d8a6

Live on go

Blocked by Socket

High security concern: this module packages a dockercfg secret into a Docker image and includes a Ruby/Rack HTTP endpoint that can disclose arbitrary file contents by mapping URL paths to environment variables, including an ENV key that directly points to the embedded dockercfg. The image is then built and pushed to a registry, distributing the credential-leak/backdoor capability via the supply chain. Review/disable and investigate any downstream use of the produced artifact; treat as likely malicious even though direct external exfiltration is not shown in this snippet.

lg-rez

4.0.17.2

Live on pypi

Blocked by Socket

This module exposes critical remote execution capabilities via Discord commands. `/do` performs `exec()` on attacker-controlled input in a context containing `globals()` and live objects, then returns results and tracebacks to the user. `/shell` launches an interactive `RealShell` with the same powerful context. Additionally, `/panik` provides a direct kill-switch (`sys.exit()`), and `setup` can perform destructive admin operations (roles/channels/emojis/icon, including deleting channels). While intent may be “admin/debug,” the explicit primitives are backdoor-grade risks unless ironclad authorization is proven in the unseen decorators/handlers. Based on this fragment alone, treat the security risk as critical/unsafe.

ctf-payload

1.0.47

by duonghello

Live on npm

Blocked by Socket

This JavaScript is intentionally malicious. It actively probes for sensitive data using SQL-injection-style payloads, aggregates responses, and exfiltrates them by posting to a comment endpoint. It also redirects remote users to a localhost service to access internal-only functionality. Remove this code immediately, audit server endpoints ('/check-resolve', '/post-comment') and logs, verify database query handling for SQL injection, and search the codebase and dependencies for the source of this injected script.

serval-integrations-common-frontend

7.0.0

by hackerone0101

Live on npm

Blocked by Socket

The preinstall hook will execute index.js during npm install. That grants the package the ability to run arbitrary code on the host. Without inspecting index.js, this is potentially dangerous and should be treated as suspicious. Review the contents of index.js (and any files it loads or network endpoints it contacts) before installing, or avoid installing packages that require running preinstall scripts from untrusted sources.

featureform-enterprise

0.13.39rc0

Live on pypi

Blocked by Socket

This module contains a critical security risk: it compiles and execs arbitrary local and remote Python content without any integrity, authentication, sandboxing, or allow-listing. While the file itself is not obfuscated and contains no explicit hardcoded malware, the use of exec on untrusted input constitutes a high-probability supply-chain and arbitrary code execution vulnerability. Treat this as a high security risk; remediate by eliminating or strongly controlling exec-based execution.

pjfun

0.0.17

by lxc9349

Removed from npm

Blocked by Socket

The code is a webpack runtime bootstrap with obfuscation and an explicit publicPath pointing to an external CDN (https://unpkg.com/pjfun@0.0.17/). It also overrides console methods (log/trace/warn/etc.), likely to suppress or control logging. The runtime itself does not directly exfiltrate data or open a reverse shell in the shown fragment, but setting publicPath to a remote host is a notable supply-chain risk because additional chunks will be fetched from that remote location and executed. The code is obfuscated and contains anti-debugging/log-suppression behavior; this increases risk and warrants close review of any remotely-loaded modules. Recommend treating the external CDN URL as untrusted and auditing any loaded modules or changing publicPath to a trusted source.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

tagmyphotosblog

1.0.0

by test6uy767

Removed from npm

Blocked by Socket

The code is malicious as it collects and sends sensitive system data to a suspicious domain without user consent. This poses a high security risk due to potential data theft and privacy invasion.

Live on npm for 2 days, 8 hours and 13 minutes before removal. Socket users were protected even while the package was live.

doughnuts

4.9.0

Live on pypi

Blocked by Socket

This module implements reverse-shell/backdoor functionality that constructs and sends payloads (bash/python/php) to a target ip:port and attempts to execute them via get_system_code/send utilities. The behavior is malicious for general use and represents a high security risk in a dependency. The code also contains syntactic corruption which may indicate tampering or redaction but does not reduce the clear backdoor intent. Remove and investigate this package and any related packages from the same author/publisher unless its presence is explicitly authorized for controlled offensive security use.

gamspy-base

53.3.0

Live on pypi

Blocked by Socket

The provided code executes an unknown executable, which poses potential security risks. Further investigation into gmscvnnx.exe is necessary to determine its behavior and any associated risks.

bluelamp-ai

1.0.1

Live on pypi

Blocked by Socket

This file intentionally conceals and dynamically executes an embedded payload. The pattern (base64 + zlib + exec on import) is high-risk: it prevents static review and enables arbitrary code execution at import time. Treat the package as untrusted until the embedded payload is decompressed and analyzed in a safe sandbox. Immediate mitigation: do not import/run this module in production; extract and inspect the decompressed string in isolation.

smartchart

7.7

Live on pypi

Blocked by Socket

This file contains Python code that decodes base64-encoded data, decompresses it with LZMA, and then executes the resulting payload using the 'exec' function. This sequence is a common method of obfuscating unauthorized or malicious code to evade detection. No additional domains or IP addresses were identified in the code. The hidden payload’s purpose remains unclear without analyzing the decompressed content, but the combination of obfuscation and runtime execution indicates a high likelihood of malicious intent.

remotesystemlogger

1.0.1

Removed from pypi

Blocked by Socket

This code is malicious and implements credential harvesting: it reads AWS credentials from ~/.aws/credentials, encodes them, and exfiltrates them via HTTP GET requests to a hardcoded remote IP. The base64-encoded target strings and hardcoded IP indicate intent to hide behavior. Even though the snippet contains a syntax error that would prevent execution in its current form, the logic and network exfiltration are clear and dangerous. Treat this code as a high-risk backdoor and do not run or include it in dependencies.

Live on pypi for 3 days, 23 hours and 3 minutes before removal. Socket users were protected even while the package was live.

passagemath-standard

10.4.4

Removed from pypi

Blocked by Socket

This fragment implements an unrestricted evaluator for Python source that executes caller-provided code with the privileges of the host process. The fragment itself contains no embedded malicious payloads, but it creates a critical security boundary: if x can be influenced by untrusted actors, this is a direct remote code execution vector. Recommend: do not use with untrusted input. If dynamic evaluation is required, adopt strong sandboxing (separate process with least privileges, seccomp/containers, restricted builtins, explicit whitelist of allowed operations, time/memory limits) or use a safe domain-specific evaluator rather than exec/eval on raw Python source.

Live on pypi for 16 hours and 32 minutes before removal. Socket users were protected even while the package was live.

directory-obfuscator

1.0.2

by dpm97

Removed from npm

Blocked by Socket

The code is a build script that performs file operations, obfuscation, and minification. It does not exhibit any malicious behavior, but the use of obfuscation could be a concern if the intent was to hide malicious code. However, in this context, it appears to be a legitimate use case.

Live on npm for 3 hours and 38 minutes before removal. Socket users were protected even while the package was live.

rrshare

3.10.9

Live on pypi

Blocked by Socket

The code unconditionally kills all running Streamlit processes and then attempts to start a Streamlit app from a user-specific path. This behavior can disrupt legitimate usage and execute potentially untrusted user code without validation. While it may be intended for self-restart or deployment, the lack of safety nets (validation, error handling, logging, and user prompts) represents a significant reliability and security risk that warrants safer alternatives (graceful shutdown, confirm prompts, path validation, and explicit permissions).

mtmai

0.3.1556

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
