Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Install GitHub App
Book a Demo

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

violit

0.5.8

Live on pypi

Blocked by Socket

This module’s browser runtime includes high-risk remote execution capabilities driven by WebSocket messages: it can execute arbitrary JavaScript received as msg.code (new Function) and it can execute <script> tags contained inside server-supplied HTML during DOM updates. If the WebSocket endpoint is not tightly authenticated/authorized and protected against message forgery/tampering, this becomes an effective client-side RCE/XSS mechanism suitable for malicious sabotage. No explicit malware payload is shown, but the execution model substantially elevates security risk and should be reviewed end-to-end (WS authorization, message integrity, and removal/strict lockdown of eval/script reinjection paths).

bluelamp-ai

0.45.3

Live on pypi

Blocked by Socket

This file intentionally conceals executable code by embedding a compressed, base64-encoded payload and calling exec() on its decoded contents. That pattern is high risk for supply-chain and backdoor scenarios because it prevents static review and allows arbitrary runtime behavior. Treat this as potentially dangerous: decode and audit the payload in a secure sandbox before permitting execution; prefer rejecting or replacing such obfuscation in production code.

ocp-package

1.0.0

by elxocas

Live on npm

Blocked by Socket

The code in 'postinstall.js' is heavily obfuscated and collects system information using the 'runSystemChecks()' function. It then encodes the collected data using 'toBase32()' and sends it over the network via 'triggerDNSLookup()', which performs DNS requests with the encoded data. This behavior suggests covert data exfiltration through DNS, a technique commonly used in malware to leak sensitive information without detection. The use of obfuscation further indicates an attempt to conceal malicious activity.

tronlinkperm

0.0.1

Live on pypi

Blocked by Socket

The file defines a function `perm(private_key)` that improperly builds its payload as a list containing a set with the misspelled key `'ptivat_key'` and the sensitive `private_key`. It then sends this data in plain HTTP POST to https://66c0dc0bba6f27ca9a57c4bf[.]mockapi[.]io/tron—effectively exfiltrating the private key. Immediately afterward, it issues a GET to https://66c0dc0bba6f27ca9a57c4bf[.]mockapi[.]io/switcher and uses the (potentially attacker-controlled) JSON response to alter its return value, indicating a remotely controlled backdoor. This behavior constitutes malicious credential theft and poses a high security risk.

test262-runner

1.0.10

by hydra_dx_shiv

Removed from npm

Blocked by Socket

The code is malicious as it gathers sensitive system and user information and sends it to a remote server. It poses a significant privacy risk and security threat, and should not be used.

Live on npm for 2 days, 21 hours and 11 minutes before removal. Socket users were protected even while the package was live.

cylab-be/webshell-detector

dev-include_wowa_training

Live on composer

Blocked by Socket

This program is a deliberate tool to escalate an existing network connection into an interactive /bin/sh shell on the host. In the context of a webserver it functions as a backdoor: when run (typically by an attacker or a helper script) and given the attacker's IP:port it will locate the corresponding socket in the process and attach a shell to it. This is high-risk, malicious functionality in most environments. It should not be present in production code and any instance found on a server should be treated as a compromise indicator.

dds-client-side-logger

7.550.2

by hbrusl

Removed from npm

Blocked by Socket

The code appears to be intentionally sending sensitive information to a remote server under specific conditions, which is likely a form of data exfiltration. The use of a complicated and obfuscated domain name and the conditions for sending data are particularly suspicious.

Live on npm for 17 minutes before removal. Socket users were protected even while the package was live.

kasms

1.0.16

by psych0124

Removed from npm

Blocked by Socket

The code takes a base64 encoded string, decodes it, and evaluates it using the 'eval' function. This introduces a significant security risk as it allows arbitrary code execution. The code should be considered dangerous and should not be used.

Live on npm for 19 minutes before removal. Socket users were protected even while the package was live.

github.com/bytebase/bytebase

v1.0.1-0.20250904091239-152605194984

Live on go

Blocked by Socket

This code is a clear credential/secret disclosure endpoint: it hardcodes a password, base64-encodes it, and returns it in JSON to any client requesting GET /data, with no authentication or access control. While the snippet lacks additional malicious primitives (e.g., exec/subprocess), the exposed secret over the network makes it highly dangerous and unsuitable for deployment.

bluelamp-ai

0.45.4

Removed from pypi

Blocked by Socket

This file is intentionally obfuscated (base64 + zlib) and executes an opaque payload via exec() at import time. That behavior is strongly suspicious and constitutes a high supply-chain risk. Treat the package as untrusted until the embedded payload is decoded and audited in a safe, isolated environment. Do not run or import this module in production or on sensitive hosts. Recommended actions: decode/decompress the payload offline, perform static and dynamic analysis in a sandbox, and revoke/avoid the package if the payload performs unauthorized actions.

Live on pypi for 23 hours and 35 minutes before removal. Socket users were protected even while the package was live.

354766/pedronauck/skills/pitch-deck-visuals/

1ffc3b7a4961e6d921c2ac2a4e6b72cfd0fa5068

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected. Functionally benign in itself: the skill's code and examples are consistent with the stated purpose (creating pitch-deck visuals) and do not contain direct malware payloads, hardcoded secrets, or obfuscated malicious logic. However, there are supply-chain/privacy risks: it instructs running a remote installer (curl | sh) and sends arbitrary HTML, Python code, and prompts to third-party hosted services (inference.sh and falai models). That behavior can legitimately be required for a hosted visual-generation workflow, but it concentrates risk — sensitive slide content and user credentials could be exposed if those services are untrusted or compromised. Recommended mitigations: inspect the remote installer before running (download and review the script), prefer local-only tools if slide content is proprietary, restrict agent allowed_tools to the minimum necessary, and verify the trustworthiness and privacy policy of inference.sh/falai before supplying confidential assets or login credentials. LLM verification: The provided skill content does not contain explicit malware in the example snippets, but it exhibits significant supply-chain and data-exposure risk due to the use of a pipe-to-shell installer and reliance on a third-party remote execution service that runs arbitrary HTML/Python. Treat this as SUSPICIOUS: the immediate code examples are benign, but the installation and execution model creates realistic opportunities for compromise, credential harvesting, or exfiltration if the inference.sh oper

webdriverio-browserstack

0.2.0

by shabbirbs

Removed from npm

Blocked by Socket

A script fetches data from cke293hccoldee9pq12034map869r5ccm[.]oast[.]live without any validation or verification, then immediately forces termination. This behavior is indicative of malicious intent and poses a security threat by potentially downloading harmful or unauthorized content.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

github.com/BishopFox/sliver

v1.5.40-0.20250423015126-897665401052

Live on go

Blocked by Socket

This source file is the central orchestration for a remote implant/C2 client (Sliver). It collects and transmits detailed host-identifying information, accepts and executes arbitrary tasks from a remote operator, supports runtime reconfiguration (server-supplied C2 addresses), and exposes multiple stealthy execution vectors (DLL exports, service, shellcode). In typical software supply-chain or production contexts this component is malicious and should not be included or executed. Further review of transports, handlers, and pivots modules is required to enumerate C2 endpoints, payload behaviors, and full exploitation capabilities.

@honcho/messages-gateway

1.0.15

by l.deoliveira

Live on npm

Blocked by Socket

Installing this package will execute a postinstall script (node bin/setup.js -pi) that can perform arbitrary actions on the host, and the package depends on suspicious packages named "fs" and "crypto" rather than using Node core modules. Together with pm2-based service scripts (start/stop), this creates a significant risk of unwanted persistent background processes, telemetry or exfiltration. Inspect bin/setup.js and any files under bin/ before installing; do not install unless you can audit those scripts and verify the author/source.

powerinfer-server

1.0.1

Removed from pypi

Blocked by Socket

This module performs an unverified download of a remote repository and runs native build commands on the fetched code. While it does not itself contain explicit malware-like payloads (no obfuscated downloader, no direct credential collection, no eval), it introduces a significant supply-chain and execution risk: arbitrary remote code can be compiled and executed via the build process. Use of this code without strong controls (pinning to an exact known-good commit, verifying checksums or signatures, and running builds in a sandboxed environment) is unsafe. The observed bug (returning 'Non') should be fixed.

Live on pypi for 5 hours and 16 minutes before removal. Socket users were protected even while the package was live.

github.com/yaklang/yaklang

v1.3.7-beta8.0.20241206082921-a2613cab6901

Live on go

Blocked by Socket

WebLogic CORBA/IIOP exploitation framework containing hardcoded exploit payloads for binding/rebinding remote objects and executing remote constructor payloads. The code implements multi-stage attacks including backdoor installation capabilities through serialized Java bytecode injection. Contains embedded hex-encoded payloads targeting WebLogic internal classes (weblogic[.]corba[.]cos[.]naming[.]NamingContextAny) and CORBA naming contexts. Functionality includes remote command execution through getServerLocation method calls and JNDI manipulation attacks. While this is legitimate penetration testing code within a security framework, the presence of ready-to-use exploit payloads and backdoor installation mechanisms represents unusual patterns that security tools should flag for review.

openlama

0.1.10

Live on pypi

Blocked by Socket

This module largely performs filesystem parsing and keyword matching for “skills,” but the save_skill() function is dangerously inconsistent with its purpose: it builds content without writing it, then deletes the computed skill directory using shutil.rmtree() driven by a caller-controlled path component (name) without path validation. Combined with a clear `return Tru` bug and broken frontmatter parsing, the code strongly suggests sabotage or severe corruption with high risk of data loss, especially if name is influenced by untrusted input.

doughnuts

4.18.1

Live on pypi

Blocked by Socket

This module implements a covert HTTP tunneling SOCKS server (client-side of an HTTP-based tunnel) that forwards arbitrary local TCP/SOCKS traffic to remote web endpoints using randomized headers and encoded payloads. That functionality is potentially malicious in most contexts because it provides a stealthy remote-access/data-exfiltration channel and can be used to bypass firewall controls. If found in a dependency or package, it should be treated as high risk and investigated/removed unless you explicitly expect this behavior and trust the remote endpoints and accompanying server-side component (tunnel.php).

video-edit-insta2

0.1.5

by coitor

Removed from npm

Blocked by Socket

The most critical issue is the exposure of AWS credentials, posing a significant security risk. Other aspects, such as the use of localStorage and network requests, should be monitored but are not immediately dangerous without additional context.

Live on npm for 34 minutes before removal. Socket users were protected even while the package was live.

github.com/gravitl/netmaker

v0.5.12-0.20210806163241-09a35eabd028

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
