Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

imagecomponents.webcore.ui

4.0.3

by Image Components

Live on nuget

Blocked by Socket

This code is malicious or at minimum a covert loader/packer: it decrypts an embedded payload, allocates executable memory, writes and makes it executable, and executes it via native/JIT pointer manipulation and dynamic delegates. It also alters runtime behavior by replacing delegates/fields and manipulating module/JIT internals. Those capabilities are consistent with code injection, in-memory code execution and runtime tampering — strong indicators of backdoor/loader/supply-chain malware. The package should be treated as highly dangerous and not used.

leadtools.annotations

22.0.0.5

by LEADTOOLS

Live on nuget

Blocked by Socket

The code fragment exhibits strong indicators of obfuscation and potential dynamic code loading/execution capabilities, including unmanaged interop, in-memory payload handling, and hardcoded cryptographic material. While some parts may serve legitimate PDF annotation functionality, the observed patterns significantly elevate supply-chain and runtime security risk. Treat as a high-risk artifact requiring rigorous provenance verification, signing, and independent malware analysis before distribution or deployment.

github.com/apache/trafficcontrol

v1.1.4-0.20180814193257-dfbfc3a5f66a

Live on go

Blocked by Socket

This code fragment performs a privileged, unconditional systemd service stop for a hardcoded service (`traffic_router`). It presents a significant operational disruption risk in a supply-chain context. However, with only this single line and no broader context, there is insufficient evidence to confirm broader malicious behavior (e.g., exfiltration/persistence).

unified-login-url

4.4.0

by jpdhackerone02

Removed from npm

Blocked by Socket

This module is designed to collect host-identifying metadata (hostname, username, local/public IPs, working directory, OS details) and exfiltrate it to remote servers using plaintext HTTP to hardcoded IP addresses and a WebSocket fallback. The suppression of logging during the npm 'preinstall' lifecycle event and dynamic imports for network libraries are strong indicators of stealthy, likely malicious behavior. Treat this package as malicious or at minimum unacceptable unauthorized telemetry. Remove or isolate it, audit projects where it appears, and block the listed endpoints/network egress.

Live on npm for 13 hours and 57 minutes before removal. Socket users were protected even while the package was live.

devdec

0.2

Live on pypi

Blocked by Socket

This code implements a custom obfuscation/encryption pipeline (Devil) and a decoder/loader (Nasr) that culminates in executing arbitrary decoded code via exec. That behavior is dangerous in a library: it enables execution of hidden payloads supplied as data, which is a common supply-chain/backdoor pattern. Treat this module as high risk and avoid using it in trusted environments. If present in a package, it should be audited and removed or sandboxed; require provenance and strict review before allowing any input to Nasr to be executed.

wcc

1.1.2

Live on pypi

Blocked by Socket

This module decodes and LZMA-decompresses a hardcoded blob and immediately execs the result at import. That is a high-risk pattern: it grants an opaque payload unrestricted access to the runtime and host. Without safely decompressing and inspecting the embedded code we cannot assert exact malicious actions, but the use of layered encoding/compression plus exec-on-import is strongly suspicious. Treat the package as unsafe for production; analyze the decompressed payload in a secure, isolated environment before use.

github-badge-bot

1.10.3

by kingtiger19990427

Live on npm

Blocked by Socket

This module is an automation tool that, given Discord user tokens, enumerates servers, creates permanent invite links when necessary, and sends those invite links plus guild names to an external Telegram endpoint. The functionality enables exfiltration and unauthorized propagation into servers and could be used to escalate or distribute malicious campaigns. The code contains clear misuse patterns (credential abuse, creation of durable invites, external exfiltration) and is highly suspicious. Treat as malicious tooling — do not run with real tokens; remove and investigate any exposure of tokens.

@northflare/runner

0.0.28

by tnjm

Live on npm

Blocked by Socket

A JavaScript preload script that hooks child_process.execSync/spawnSync and fs methods to intercept macOS “security” commands and reads of “*.credentials.json” files. When the environment variable CLAUDE_CREDENTIALS is set, it returns those credentials (with only the refreshToken zeroed) directly to callers as Buffers or strings, bypassing the OS keychain or on-disk files. It also blocks all other “security” CLI invocations and turns writes, deletes, and chmods on credential files into no-ops. If DEBUG_PRELOAD_SCRIPT is enabled, it logs intercepted commands and even prints the full credentials JSON to stdout/stderr and/or ~/.preload-script.log, creating a high-risk supply-chain backdoor for unauthorized credential injection, persistence, and exfiltration.

xaeian

0.6.0

Live on pypi

Blocked by Socket

This module is a Wi‑Fi credential harvesting tool. It collects saved plaintext Wi‑Fi passwords/PSKs from Windows (netsh key=clear) and Linux (nmcli and NetworkManager system connection files), then prints the secrets and can persist them to a JSON report. Even without visible network exfiltration in this snippet, the credential collection and disclosure/export behavior is highly consistent with stealer/malware functionality. Review other package components for any forwarding/upload logic; treat the module as high risk in a supply-chain context.

xaraya/publications

2.0.0

Live on composer

Blocked by Socket

The fragment is a highly obfuscated, eval-driven payload that reconstructs and executes logic to emit user URL and title data to a large network of external endpoints. This behavior strongly indicates covert data exfiltration, broad-beam tracking, or SEO-spam activity rather than legitimate functionality. It represents a notable privacy and supply-chain risk and should be treated as suspicious or malicious, warranting removal or comprehensive audit of any dependency introducing such code.

sticker-convert

2.13.2.0

Live on pypi

Blocked by Socket

This module actively harvests Discord authentication tokens by attaching to a Discord/Chromium renderer and executing JS that locates an internal getToken function. It also forcefully kills the Discord process to attach. These are direct credential-theft behaviors. Use of this code in projects poses a high risk of unauthorized account access unless used in a controlled, authorized environment with clear user consent. Recommend removing or locking down this functionality and auditing CRD implementation and any callers that handle the returned token.

wirelessxpl

1.3.0

Live on pypi

Blocked by Socket

This module is an attack-capable wireless frame replay/injection component. It actively transmits crafted and/or PCAP-derived 802.11 frames (including EAPOL Start frames and beacon frames with attacker-selected SSIDs/BSSIDs) over a monitor-mode interface using Scapy sendp. There is no evidence in this fragment of covert exfiltration or credential theft, but the intended use is overt exploitation/testing that can enable disruption, spoofing, and forced re-auth behavior. Treat this package as high security risk in any environment where execution could be unauthorized or uncontrolled.

@gbds/components

0.0.999

by svennergr

Live on npm

Blocked by Socket

The code intentionally collects host information and exfiltrates it to an external domain using a ping-based covert channel. This is a clear data-leakage mechanism with minimal error handling and no user-visible indicators, indicating potential malicious intent or a backdoor. While it does not appear to directly compromise system integrity, it represents a significant privacy and data-leak risk and could facilitate further exploitation if the exfiltration server is controlled by an attacker.

9router

0.2.68

Live on npm

Blocked by Socket

This module implements cloud sync and does active exfiltration of local provider information and API keys to a hardcoded external service (https://9router.com). It also modifies a user configuration file (~/.claude/settings.json) to rewrite an endpoint URL. That behavior constitutes high-risk data exfiltration and surprising side effects. If the project owner did not explicitly intend to upload API keys and rewrite local CLI settings to that domain, treat this as malicious or at least unacceptable for most threat models. Review and block network exfiltration and local file modifications unless explicitly authorized.

@profoundlogic/coderflow-server

0.12.12

by profoundlogic

Live on npm

Blocked by Socket

This module is strongly suspicious primarily due to intentional obfuscation combined with direct host command execution via child_process.exec and relaying/embedding of execution output into returned text and thrown errors. It also shows explicit shell-like directory creation intent ('mkdir -p') rather than safe filesystem calls. The snippet does not provide enough detail to conclusively prove data theft, persistence, or network exfiltration, but the command-execution pattern and concealment are consistent with installer/stager or dropper behavior and warrant full-file review and runtime analysis to confirm what exact command(s) are executed and whether any network/persistence actions occur.

mtmai

0.4.263

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

kfsd

0.0.41

Live on pypi

Blocked by Socket

This module contains a critical vulnerability: unconstrained eval() of attacker-controlled 'input.expr' with access to local variables (including a formatted request object). This yields remote code execution and potential data exfiltration. The code likely represents an insecure design/bug rather than intentionally malicious code, but it must be remediated before handling untrusted inputs. Also fix the apparent syntax error in getAttr.

354766/boshu2/agentops/evolve/

31674e64ec0400e9c52b2e1c8eee790be215ce54

Live on socket

Blocked by Socket

[Skill Scanner] Credential file access detected (AITech 8.2.3) [DE002]

github.com/weaveworks/weave

v1.0.1-0.20150620223648-3732f968d07b

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

disgrasya

5.26.0

Live on pypi

Blocked by Socket

This script is a front-end for bulk credit card generation and validation. It reads potentially large amounts of sensitive payment card data from disk and forwards each entry, concurrently, to external API wrapper functions provided by the disgrasya package. The file contains no obfuscation or direct network code, but it clearly facilitates potentially illegal activity (mass card generation/checking) and can be used to exfiltrate card data depending on the implementations of the imported API modules. Immediate concerns: high abuse potential, lack of input validation and resource controls, and sensitive-data-in-memory handling. A full security determination requires reviewing the disgrasya.* API implementations. Recommend treating this package as high risk and not running it on systems containing real cardholder data.

github.com/apache/trafficcontrol

v1.1.4-0.20170109040459-b999e813a207

Live on go

Blocked by Socket

This module performs credential-based authentication to a remote service and then requests a likely sensitive database dump endpoint using persisted cookies. The combination of predictable /tmp handling for credentials/cookies, disabled TLS verification (-k), and bash tracing (-x) makes it particularly risky in a supply-chain context. While it could be intended for legitimate administrative backup/export, the explicit dbdump retrieval sequence strongly resembles an automated credential-driven data extraction workflow and should be reviewed/controlled tightly.

aoi.fb

5.2.4

by gr_dev

Live on npm

Blocked by Socket

The code contains a critical supply chain security risk due to the immediate execution of an unknown shell script 'att.sh' on module import, combined with a suspicious HTTP version check to an uncommon domain. These behaviors justify a high security risk and malware suspicion score. No obfuscation is present, but the arbitrary shell execution is a severe red flag. The package should be treated as potentially malicious and avoided until the external script and network endpoints are fully audited.

354766/alrinny/agent-chat/agent-chat/

04c547925d9c63ef542a21b5720f7c8b9102592b

Live on socket

Blocked by Socket

The agent-chat fragment is plausibly aligned with its stated messaging/policy goals but presents multiple security and governance concerns. Key issues include reliance on an external relay for delivery, potential mismatch between at-rest and in-transit privacy guarantees, and autonomous behaviors that could cause unintended data sharing. The supply-chain risk from unconstrained auto-update needs explicit integrity checks. Overall, the risk level is Suspicious-to-Moderate pending concrete cryptographic implementation details, explicit at-rest encryption, and stronger controls around autonomous actions.

qg-toolkit

1.0.36

Live on pypi

Blocked by Socket

The script collects sensitive user information from the Discord API, including usernames, emails, and IDs, and saves it to a file without user consent. It automates interactions with Discord, including sending unsolicited messages to channels (spamming), and uses a captcha solving service to bypass security measures. The script contains hardcoded API keys and tokens, posing significant security risks if shared or leaked. Additionally, it includes obfuscated JavaScript code to manipulate local storage tokens, suggesting attempts to hijack or misuse user accounts.

@jackshanyeshuzi/curvess

1.1.5

by jackshanyeshuzi

Removed from npm

Blocked by Socket

This code contains a deliberate, obfuscated network exfiltration that sends private key material to an external host during signature preparation. This is a high-confidence backdoor/supply-chain compromise. Do not use this package; consider it malicious and compromised. Replace with a trusted, audited implementation and rotate any keys generated or used by this code.

Live on npm for 9 hours and 17 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
