Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@yuf1011/openclaw

2026.5.1

by yuf1011

Live on npm

Blocked by Socket

This module is high-risk and highly consistent with credential/session theft. It automatically discovers and reads local browser cookie databases on macOS, decrypts Chromium-family cookies using macOS Keychain to recover a Claude `sessionKey`, then uses that stolen session in a Cookie header to query Claude/Anthropic endpoints for organization/usage data, with optional sensitive logging of tokens/sessionKey. Even though the network destinations are first-party Claude endpoints, the core behavior is unauthorized local secret access and authenticated reuse.

onairos

8.1.1

by anushkajogalekar

Live on npm

Blocked by Socket

This module is an obfuscated client-side widget/bootstrapping script that injects UI (styles + button/container) and dynamically loads additional code chunks at runtime. It contains a high-risk execution primitive (new Function) and dynamic script/chunk injection, which are frequently used in supply-chain loaders/packers. The excerpt does not prove malware or data theft on its own, but it materially warrants manual review of the loaded chunks for network destinations and tracking/exfiltration behavior, and validation that configuration inputs cannot lead to DOM-based injection/XSS.

gcpwn

0.5.1

Live on pypi

Blocked by Socket

This module is an exploit-oriented harness for serverless code execution in Google Cloud Functions. It can deploy or update a Cloud Function using a ZIP payload from an operator-controlled or default GCS source, invoke the function, and (with --assume-creds) parse the response to extract an access token and persist it as an OAuth2 account—i.e., credential/token harvesting. It also prints potentially sensitive session credential JSON to stdout. Overall, the orchestration strongly matches malicious supply-chain/exploitation behavior with high security risk.

@aztec/noir-protocol-circuits-types

5.0.0-nightly.20260501

by charlielye

Live on npm

Blocked by Socket

The provided fragment is overwhelmingly consistent with a packed/embedded payload with no visible operational logic. While there are no explicit malicious sinks observable in the snippet itself, the concealment level is a serious supply-chain red flag because the decoded payload could perform arbitrary actions. Treat the dependency as suspicious and inspect the complete module for any decode/deobfuscation and execution flow, along with network/filesystem/process behaviors.

clawdaddy

1.0.3

by goodenoughcafe

Live on npm

Blocked by Socket

This module acts as an obfuscated command/tool dispatcher: it extracts a command token and optional JSON-like arguments from an input string, parses arguments best-effort, then forwards the command and arguments to a generic connection_1 handler and logs the results/errors. The lack of validation/sanitization and the explicit “executing command” dispatch pattern make it high-risk for unsafe behavior. The exact maliciousness depends on connection_1 and upstream input sources, but the observed structure is strongly consistent with a backdoor-like or agent-like mechanism capable of performing or proxying privileged actions and leaking outputs through console logging.

@flamerged/sshshot

0.3.0

by GitHub Actions

Live on npm

Blocked by Socket

This module is strongly indicative of surveillance/collection behavior: it monitors the user’s clipboard images and macOS screenshots, computes hashes to detect changes, saves locally and/or exfiltrates the captured image bytes to a remote host via SSH, and copies the resulting paths to the clipboard. The Windows implementation uses hidden encoded PowerShell for clipboard capture. While exact malicious intent cannot be proven from a single file, the functionality closely aligns with spyware/exfiltration tooling. Review/contain/remove this dependency urgently if unexpected in your project.

@elizaos/ui

2.0.0-alpha.529

by shawticus

Live on npm

Blocked by Socket

The fragment includes a highly sensitive endpoint (/api/wallet/export) that returns raw wallet private keys (EVM_PRIVATE_KEY and SOLANA_PRIVATE_KEY) directly in the HTTP JSON response. This is a credential-exfiltration sink and is extremely dangerous if the endpoint is not strictly authenticated/authorized (not shown in the snippet). The code also persists and propagates private keys into process.env and config, increasing risk. Aside from this, the rest appears to be wallet provisioning/config logic with network calls to steward/cloud services.

nexus-omni-agent

3.0.487

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

skykoi

2026.3.232

by ricardoamartinez

Live on npm

Blocked by Socket

This module is engineered to install and run a local “gateway” payload via Windows Scheduled Tasks on user logon, with an additional Startup-folder .cmd fallback when scheduler installation lacks privileges. While the snippet does not show explicit data theft or network exfiltration, the combination of persistent execution, immediate triggering, and script generation from caller-provided parameters represents a security-sensitive pattern commonly used by both legitimate agents and malware. Definitive assessment depends on the unseen buildTaskScript/resolve* helpers that define the actual executed payload content.

gweb-build-system

50.50.50

by saif777

Live on npm

Blocked by Socket

This fragment is best classified as malicious supply-chain behavior: it performs system/build reconnaissance (public IP, hostname, OS, directory path, CI detection, and environment variable key enumeration) and exfiltrates the data to a hardcoded Discord webhook over HTTPS. The webhook URL is obscured with base64 decoding and failures are suppressed, both of which are strong anti-detection indicators. No legitimate functional purpose is evident beyond telemetry/exfiltration.

nexus-omni-agent

3.0.575

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

onairos

8.1.2

by anushkajogalekar

Live on npm

Blocked by Socket

Significant supply-chain/sandboxing risk. This module is an obfuscated browser loader/widget that performs DOM HTML/script injection, registers global functions, and uses new Function(...) plus runtime-decoding and dynamic module initialization. Although the snippet does not explicitly show a concrete exfiltration endpoint, the combination of high-risk execution primitives (new Function + injected scripts) and runtime-loaded behavior makes it unsafe to treat as a benign UI component without further inspection of the dynamically loaded modules and injected script sources.

nexus-omni-agent

3.0.534

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

nexus-omni-agent

3.0.563

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

w-screenctl

1.0.0

by semisphere

Live on npm

Blocked by Socket

High-risk remote control/surveillance behavior: the code starts an HTTP server on 0.0.0.0 that allows a client to navigate a persistent browser, execute attacker-supplied code in the page (page.evaluate with request-provided script), and capture/return screenshots and drive host mouse/keyboard via xdotool/AutoHotkey. This strongly matches spyware/remote access tool functionality rather than a benign library.

nexus-omni-agent

3.0.418

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

skykoi

2026.3.238

by ricardoamartinez

Live on npm

Blocked by Socket

This module is engineered to install and run a local “gateway” payload via Windows Scheduled Tasks on user logon, with an additional Startup-folder .cmd fallback when scheduler installation lacks privileges. While the snippet does not show explicit data theft or network exfiltration, the combination of persistent execution, immediate triggering, and script generation from caller-provided parameters represents a security-sensitive pattern commonly used by both legitimate agents and malware. Definitive assessment depends on the unseen buildTaskScript/resolve* helpers that define the actual executed payload content.

nexus-omni-agent

3.0.469

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

nexus-omni-agent

3.0.493

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

nexus-omni-agent

3.0.467

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

path-internal

1.0.12

by gabrilasilva1

Live on npm

Blocked by Socket

This module is a supply-chain backdoor pattern: it fetches a base64-obscured remote URL, retrieves a JSON payload, and executes a remote string via eval() during module load/import. That combination strongly indicates malicious intent and yields a very high security risk for any project that installs or imports this dependency.

nexus-omni-agent

3.0.528

by baguscrypto321

Live on npm

Blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

projectair

0.3.2

Live on pypi

Blocked by Socket

This fragment is highly suspicious and strongly consistent with malicious supply-chain/agent-runtime sabotage: it hardcodes an SSH private key-like secret and embeds prompt-injection instructions that direct reading /home/dev/.ssh/id_rsa and exfiltrating it to an attacker-controlled HTTP endpoint as the POST token. While the network call is not executed directly in this module, it is clearly encoded into signed demo records that could be executed by a surrounding framework. It also includes a function to tamper with log records, further supporting stealth/trace manipulation. Treat as malware-level risk for any system that might interpret/execute these generated steps.

@superblocksteam/cli

2.0.115-next.2

by superblocksteam-admin

Live on npm

Blocked by Socket

This fragment performs import-time tampering of process environment variables to inject Git repository metadata—most notably a credential-like token embedded in the repository URL—then patches global module-resolution context and immediately executes bundled spans logic plus a side-effect chunk. While the ultimate malicious impact cannot be confirmed without the imported chunks, the credential-in-environment pattern and forced metadata manipulation are significant security risks consistent with covert supply-chain/telemetry behavior.

tyrex-tool

1.0.5

Live on pypi

Blocked by Socket

This module is a high-risk supply-chain loader: it copies bundled “keys” into a user-writable directory, downloads an executable from a hardcoded external identifier using gdown with no authenticity/integrity verification, and immediately executes the downloaded EXE. Even without confirming what the payload does, the code materially enables arbitrary code execution under the current user and is consistent with malicious distribution/dropping patterns.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
