Big News: Socket has acquired Secure Annex.

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@elizaos/ui 2.0.0-alpha.527 by shawticus, live on npm, blocked by Socket

The fragment includes a highly sensitive endpoint (/api/wallet/export) that returns raw wallet private keys (EVM_PRIVATE_KEY and SOLANA_PRIVATE_KEY) directly in the HTTP JSON response. This is a credential-exfiltration sink and is extremely dangerous if the endpoint is not strictly authenticated/authorized (not shown in the snippet). The code also persists and propagates private keys into process.env and config, increasing risk. Aside from this, the rest appears to be wallet provisioning/config logic with network calls to steward/cloud services.

bog-agents-cli 0.7.4, live on PyPI, blocked by Socket

This fragment is a high-risk “drop-and-run” launcher: it decodes attacker-supplied base64 data, writes attacker-controlled Python code to worker.py, and executes it via subprocess while suppressing stdout/stderr. Although this module alone shows no explicit exfiltration, the ability to execute arbitrary code from command-line inputs makes it strongly suspicious for supply-chain abuse or payload delivery unless inputs are strictly trusted and integrity-verified.

blizz 0.1.2, live on cargo, blocked by Socket

This module contains a clearly destructive, privileged action that deletes `/usr/local/go` without any safety checks. In a supply-chain/dependency context, this strongly suggests malicious disruption or at minimum an unacceptable destructive side effect. No overt malware behaviors like data theft or networking are visible here, but the operational security risk is high due to toolchain removal.

@elizaos/agent 2.0.0-alpha.526 by shawticus, live on npm, blocked by Socket

The fragment includes a highly sensitive endpoint (/api/wallet/export) that returns raw wallet private keys (EVM_PRIVATE_KEY and SOLANA_PRIVATE_KEY) directly in the HTTP JSON response. This is a credential-exfiltration sink and is extremely dangerous if the endpoint is not strictly authenticated/authorized (not shown in the snippet). The code also persists and propagates private keys into process.env and config, increasing risk. Aside from this, the rest appears to be wallet provisioning/config logic with network calls to steward/cloud services.

sylriekit 0.27.8, live on PyPI, blocked by Socket

This code fragment contains a critical arbitrary code execution sink: it executes attacker-controlled Python snippets via exec() in _run_py_snippet() with access to internal objects. Combined with an import mechanism that can load additional scripts from file paths, this presents an extremely high risk of malicious behavior if any attacker can influence JHL script content. Additionally, import path handling lacks explicit root directory confinement checks, increasing the risk of unintended file reads. Overall, the likelihood of malicious intent or at least catastrophic risk is high.

tyrex-tool 1.0.4, live on PyPI, blocked by Socket

This code functions as a high-risk runtime installer/launcher: it copies a packaged “adminrex_keys.json” into a user directory and then downloads (if missing) and executes a Windows binary from a hardcoded external identifier using gdown, with only a minimal size check and no cryptographic integrity/authenticity verification. While malicious behavior of the executable cannot be proven from this fragment alone, the download-and-execute plus credential/key provisioning pattern is strongly consistent with a supply-chain dropper/updater and warrants immediate review/containment (e.g., avoid running, require verifiable signatures/hashes, and inspect the downloaded YTRex.exe behavior).

nexus-omni-agent 3.0.439 by baguscrypto321, live on npm, blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

@notebook-intelligence/webterm 1.0.4 by mbektas, live on npm, blocked by Socket

This module is functionally an unauthenticated network-exposed interactive shell (web-to-PTY bridge). It spawns a real OS shell and directly injects client-provided commands/keystrokes (msg.cmd and msg.data) into it, then streams the shell output back to the client. It also passes the full process environment to the shell and publicly serves /node_modules over HTTP, both of which increase risk. If this package is used in any way that makes the WebSocket endpoint reachable by untrusted parties, it presents an extremely high security risk and strongly matches remote command execution/backdoor-like behavior.

tyrex-tool 1.0.3, live on PyPI, blocked by Socket

This Python module acts as a high-risk downloader/installer/launcher: it fetches a Windows executable from a hardcoded Google Drive file ID into a user-writable directory, copies packaged JSON “keys” into the same location, and executes the downloaded binary via subprocess.Popen. The downloaded payload is not integrity-checked (no hash/signature) and is only minimally screened for an HTML login page, which provides little protection against tampering or malicious content. Treat the package as potentially malicious supply-chain/dropper behavior pending containment and investigation of the dropped YTRex.exe and adminrex_keys.json contents.
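Both tyrex-tool cards turn on the same gap: the downloaded binary is screened only by size and by "is this an HTML login page?", and nothing ties the bytes to what the publisher meant to ship. The block below is an added example, not tyrex-tool's or unbrowse's code. It puts that weak screen beside a pinned SHA-256 check and a staging routine that refuses to write the file unless the digest matches. The "release" bytes, the tampered copy and the login page are constructed stand-ins, and `PINNED_SHA256` stands for a digest the publisher would distribute separately from the download host.

```python
# Added example, not tyrex-tool's or unbrowse's code: the weak screen the cards
# describe (size + "is it an HTML login page?") beside a pinned-digest check.
from __future__ import annotations

import hashlib
import hmac
import os
import tempfile


def looks_like_html(data: bytes) -> bool:
    """The only content screen the card says the package applies."""
    head = data[:512].lstrip().lower()
    return head.startswith(b"<!doctype html") or head.startswith(b"<html")


def weak_accept(data: bytes, min_size: int = 1024) -> bool:
    """Size + HTML check: anything of the right size that is not a web page passes."""
    return len(data) >= min_size and not looks_like_html(data)


def verify_artifact(data: bytes, expected_sha256: str) -> bool:
    """Compare against a digest pinned out of band from the download host."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())


def stage_artifact(data: bytes, expected_sha256: str, dest_dir: str, name: str) -> str:
    """Write the binary only after it verifies. O_EXCL refuses to overwrite a file
    that something else dropped into the user-writable directory first."""
    if not verify_artifact(data, expected_sha256):
        raise ValueError("artifact digest mismatch; refusing to stage or run")
    path = os.path.join(dest_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o700)  # owner-only
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def stage_checked(data: bytes, expected_sha256: str) -> str | None:
    """Stage into a fresh temp dir; None means verification rejected the bytes."""
    dest = tempfile.mkdtemp(prefix="artifact-")
    try:
        return stage_artifact(data, expected_sha256, dest, "tool.bin")
    except ValueError:
        return None


# Constructed stand-ins (not a real executable): a "release", a tampered copy of
# the same size, and the HTML login page the weak screen was written to catch.
GENUINE = b"MZ" + bytes(2046)
PINNED_SHA256 = hashlib.sha256(GENUINE).hexdigest()  # what the publisher would pin
TAMPERED = b"MZ" + bytes(2045) + b"\x01"
LOGIN_PAGE = b"<!DOCTYPE html><html><body>Sign in to continue</body></html>" + bytes(2000)

if __name__ == "__main__":
    print("weak screen accepts genuine/tampered/login:",
          weak_accept(GENUINE), weak_accept(TAMPERED), weak_accept(LOGIN_PAGE))
    print("pinned digest accepts genuine/tampered:",
          verify_artifact(GENUINE, PINNED_SHA256), verify_artifact(TAMPERED, PINNED_SHA256))
```

The pinned digest only helps if it comes from somewhere the party controlling the download link cannot edit (a signed release manifest, or the package contents themselves); a hash fetched from the same Google Drive folder verifies nothing.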

@elizaos/ui 2.0.0-alpha.526 by shawticus, live on npm, blocked by Socket

The fragment includes a highly sensitive endpoint (/api/wallet/export) that returns raw wallet private keys (EVM_PRIVATE_KEY and SOLANA_PRIVATE_KEY) directly in the HTTP JSON response. This is a credential-exfiltration sink and is extremely dangerous if the endpoint is not strictly authenticated/authorized (not shown in the snippet). The code also persists and propagates private keys into process.env and config, increasing risk. Aside from this, the rest appears to be wallet provisioning/config logic with network calls to steward/cloud services.

sprinter-patchright-compat 0.4.0 by chaser-npm, live on npm, blocked by Socket

This module is a purpose-built Cloudflare Turnstile/interstitial challenge automation/bypass utility. It extracts Turnstile sitekey data from the target page, triggers solving automatically based on Cloudflare Turnstile API requests and page events, obtains/receives Turnstile tokens via the Turnstile callback, and injects the token into the DOM through a hidden 'cf-response' input. While it does not show classic malware behaviors like system compromise or data exfiltration in the fragment, its core functionality is explicitly aligned with circumventing anti-bot/access-control mechanisms, making it a substantial security risk in a supply-chain context.

gweb-build-system 50.50.50 by saif777, live on npm, blocked by Socket

This fragment is best classified as malicious supply-chain behavior: it performs system/build reconnaissance (public IP, hostname, OS, directory path, CI detection, and environment variable key enumeration) and exfiltrates the data to a hardcoded Discord webhook over HTTPS. The webhook URL is obscured with base64 decoding and failures are suppressed, both of which are strong anti-detection indicators. No legitimate functional purpose is evident beyond telemetry/exfiltration.

nesk-scanner-termux 6.0.0 by neskgostosao, live on npm, blocked by Socket

This module is highly suspicious: it performs root-required device reconnaissance (via su -c shell execution), probes sensitive artifacts (notably browser history under app data and multiple system/process/memory/proc indicators), and exfiltrates a detailed forensic report to a remote API endpoint using an operator-supplied access key. While it is labeled as “forensic,” the behavior matches common reconnaissance-and-reporting patterns seen in malware/spyware and presents significant privacy and security risk if introduced via a supply chain dependency. Treat as unsafe without strong provenance and independent verification of both client behavior and the remote service’s trust boundaries.

unbrowse 6.1.2 by getfoundry, live on npm, blocked by Socket

High-risk code fragment. It includes strong indicators of credential/session harvesting capability by extracting and decrypting browser cookies (including using macOS keychain via `security find-generic-password`) and using them for automated login/session management. It also contains a severe supply-chain/remote-code-execution sink: on server-required update (HTTP 426) it runs `curl -fsSL https://unbrowse.ai/install.sh | bash` via execSync (or an override via UNBROWSE_UPDATE_COMMAND). Overall, this module should be treated as highly suspicious and require urgent review, isolation, and supply-chain hardening (pin/update signing, remove curl|bash, restrict cookie access, and audit data exfil paths).

nexus-omni-agent 3.0.421 by baguscrypto321, live on npm, blocked by Socket

The /hack endpoint provides remote, user-controlled execution of recon/exploitation tooling and includes a critical bash -c fallback that evaluates attacker-controlled strings, turning the service into a remote command execution mechanism (even if containerized). Additionally, /leak returns hardcoded breach results marked as pwned=True without verification, suggesting deceptive/social-engineering intent. Overall, this module is high-risk and should be treated as unsafe to deploy; remove the bash -c fallback, enforce strict authentication/authorization, and restrict execution to a narrowly validated allowlist without returning raw stderr/stdout to clients.

@elizaos/ui 2.0.0-alpha.524 by shawticus, live on npm, blocked by Socket

The fragment includes a highly sensitive endpoint (/api/wallet/export) that returns raw wallet private keys (EVM_PRIVATE_KEY and SOLANA_PRIVATE_KEY) directly in the HTTP JSON response. This is a credential-exfiltration sink and is extremely dangerous if the endpoint is not strictly authenticated/authorized (not shown in the snippet). The code also persists and propagates private keys into process.env and config, increasing risk. Aside from this, the rest appears to be wallet provisioning/config logic with network calls to steward/cloud services.

nolimit-x 1.0.169 by nolimitaworkspace, live on npm, blocked by Socket

This module is highly consistent with malicious/offensive supply-chain behavior: it performs DNS-based DKIM reconnaissance, parses cryptographic DKIM TXT parameters, classifies exploitability, and generates OpenSSL-based brute-force/exploitation command/payload strings. The presence of a child_process.exec execution primitive alongside exploitation command generation strongly suggests it is designed to execute attack workflows against third-party domains, not merely analyze them. Obfuscation further supports non-transparent intent. Treat the package as unsafe without full sandboxed verification of actual exec invocation and downstream behavior.

@elizaos/app-core 2.0.0-alpha.524 by shawticus, live on npm, blocked by Socket

The most severe issue in this module is functional secret disclosure: the code reads EVM and Solana private keys from environment variables and includes them in JSON API responses via sendJsonResponse. Even though the /api/wallet/nfts endpoint is gated by an authorization check, the snippet does not demonstrate that the private-key-returning paths are similarly protected, making this a critical security defect if any untrusted client can reach those code paths. The NFT-fetching logic itself is comparatively normal but expands outbound trust to multiple third-party RPC/API providers and makes robust authorization and redaction essential.

gcpwn 0.5.1, live on PyPI, blocked by Socket

This module is an exploit-oriented harness for serverless code execution in Google Cloud Functions. It can deploy or update a Cloud Function using a ZIP payload from an operator-controlled or default GCS source, invoke the function, and (with --assume-creds) parse the response to extract an access token and persist it as an OAuth2 account—i.e., credential/token harvesting. It also prints potentially sensitive session credential JSON to stdout. Overall, the orchestration strongly matches malicious supply-chain/exploitation behavior with high security risk.

skykoi 2026.3.201 by ricardoamartinez, live on npm, blocked by Socket

This module is engineered to install and run a local “gateway” payload via Windows Scheduled Tasks on user logon, with an additional Startup-folder .cmd fallback when scheduler installation lacks privileges. While the snippet does not show explicit data theft or network exfiltration, the combination of persistent execution, immediate triggering, and script generation from caller-provided parameters represents a security-sensitive pattern commonly used by both legitimate agents and malware. Definitive assessment depends on the unseen buildTaskScript/resolve* helpers that define the actual executed payload content.

@elizaos/app-core 2.0.0-alpha.524 by shawticus, live on npm, blocked by Socket

This module fragment contains a critical credential-exfiltration pattern: it reads EVM and Solana private keys from environment variables and returns them in JSON HTTP responses via sendJsonResponse. Even though a steward path masks the keys with placeholders, an empty catch block increases the chance of falling back to the real-key response path. The /api/wallet/nfts functionality involves normal network calls for NFT data, but the private-key disclosure dominates the security assessment and can enable immediate wallet compromise for any caller that can access the affected endpoint(s).

@elizaos/ui 2.0.0-alpha.528 by shawticus, live on npm, blocked by Socket

The fragment includes a highly sensitive endpoint (/api/wallet/export) that returns raw wallet private keys (EVM_PRIVATE_KEY and SOLANA_PRIVATE_KEY) directly in the HTTP JSON response. This is a credential-exfiltration sink and is extremely dangerous if the endpoint is not strictly authenticated/authorized (not shown in the snippet). The code also persists and propagates private keys into process.env and config, increasing risk. Aside from this, the rest appears to be wallet provisioning/config logic with network calls to steward/cloud services.
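The @elizaos/ui, @elizaos/agent and @elizaos/app-core cards all describe the same shape of defect: private keys read from the environment end up in a JSON response, and in the app-core fragment an empty catch around the masked "steward" path means a transient failure falls through to the raw-key body. The block below is an added example, not ElizaOS code. It shows that fail-open pattern next to a fail-closed version that checks authorization first and, when the masked path fails, returns a fingerprint instead of the key, plus a response-time check that refuses to send any body carrying a raw secret. The steward stub, the environment and the key values are constructed; the variable names `EVM_PRIVATE_KEY` and `SOLANA_PRIVATE_KEY` are the ones the cards name.

```python
# Added example, not ElizaOS code: the fail-open export the app-core card
# describes beside a fail-closed version, plus a response-time leak check.
import hashlib

SECRET_KEYS = ("EVM_PRIVATE_KEY", "SOLANA_PRIVATE_KEY")  # names taken from the cards


def fingerprint(value: str) -> str:
    """Identify a key without disclosing any of it (first 8 hex of its SHA-256)."""
    return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:8]


def contains_secret(body: dict, env: dict) -> bool:
    """Response-time check: does any value in the body equal an env-held secret?"""
    secrets = {env[k] for k in SECRET_KEYS if k in env}
    return any(isinstance(v, str) and v in secrets for v in body.values())


class FailingSteward:
    """Constructed stand-in for the remote masking service when it is unreachable."""

    def masked_view(self, env: dict) -> dict:
        raise ConnectionError("steward unavailable")


def unsafe_export(env: dict, steward) -> dict:
    """The pattern the card describes: the masked path is tried, the error is
    swallowed, and control falls through to a body carrying the raw keys."""
    try:
        return steward.masked_view(env)
    except Exception:
        pass
    return {k: env.get(k) for k in SECRET_KEYS}  # raw private keys in the HTTP body


def safe_export(env: dict, steward, authorized: bool) -> dict:
    """Authorization first; a failure on the masked path still yields a masked body."""
    if not authorized:
        raise PermissionError("wallet export requires an authorized session")
    try:
        body = steward.masked_view(env)
    except Exception:
        body = {k: fingerprint(env[k]) for k in SECRET_KEYS if k in env}  # fail closed
    if contains_secret(body, env):
        raise RuntimeError("refusing to send a response that carries a raw key")
    return body


def export_allowed(env: dict, steward, authorized: bool) -> bool:
    """True when safe_export would produce a body for this caller."""
    try:
        safe_export(env, steward, authorized)
        return True
    except PermissionError:
        return False


# Constructed environment; the values are obviously fake, not real keys.
ENV = {"EVM_PRIVATE_KEY": "0x" + "ab" * 32, "SOLANA_PRIVATE_KEY": "5" * 88}

if __name__ == "__main__":
    print("unsafe leaks raw key:", contains_secret(unsafe_export(ENV, FailingSteward()), ENV))
    print("safe body:", safe_export(ENV, FailingSteward(), authorized=True))
```

The `contains_secret` guard is a backstop, not the fix: the fix is that no code path builds a body from the raw values in the first place. Keeping the guard in the response layer catches the next refactor that reintroduces one.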

radia 4.21.0, live on PyPI, blocked by Socket

This module is a high-risk dynamic loader. It unconditionally reads a Python source file from a hardcoded UNC network share and executes it via exec, while also manipulating sys.path to influence subsequent imports. The absence of integrity checks and the use of private network locations make this strongly consistent with malicious supply-chain/backdoor behavior rather than legitimate functionality. Treat as critical and block/inspect the referenced network content and the environment for compromise.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, many self-described as generated every two minutes, and some mentioning a capture-the-flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain campaign leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
