Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

ailever

0.3.441

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

fzutils

0.3.2.7

Live on pypi

Blocked by Socket

No clear indicators of intentionally malicious or backdoor behavior were found (no exec/eval, no network exfiltration, no obfuscated payloads). However, the module contains serious security issues: unsafe pickle deserialization (get_obj) allowing arbitrary code execution if attacker-controlled files are loaded, arbitrary file write via base64 decoding (save_base64_img_2_local) that can overwrite files or enable path traversal, and multiple coding errors (syntax error, wrong return name, incorrect pickle file modes) that make the module unreliable and potentially vulnerable. Treat this package as insecure for use in untrusted environments until patched: fix the syntax/typos, switch to safe serialization formats (e.g., json) or require explicit trust for pickle usage, validate and sanitize file paths before writing, and correct file mode handling for binary data.

litter-woker

1.0.0

by indukata

Removed from npm

Blocked by Socket

The script is obfuscated and dynamically creates functions to collect the user's environment variables and sends them to a remote server.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

plengauer/thoth

958f07d4f6125c1deada6658fd51dcf6cd32d89a

Live on actions

Blocked by Socket

The code unconditionally executes a packaged shell script on Linux at import time with inherited stdio and package-directory working directory. The JS itself doesn't contain explicit malicious payloads, but this pattern is a high supply-chain risk: it grants any contents of inject_and_init.sh the ability to execute arbitrary commands with the user's privileges, interact with the terminal, read environment variables, and access the filesystem and network. Treat the package as potentially dangerous unless you can audit or control the script contents and provenance. Recommend removing automatic execution, adding explicit opt-in APIs, verifying script integrity (signatures/hashes), avoiding inherited stdio, and performing existence and content checks before execution.

mtmai

0.3.1385

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

instant-python

0.9.0

Removed from pypi

Blocked by Socket

This templated script contains a high-severity command-injection vulnerability: it interpolates unsanitized user input into a shell command string executed with subprocess.run(..., shell=True). There is no evidence of deliberate malware or exfiltration in the snippet, but the insecure pattern allows arbitrary command execution and therefore poses a serious security risk. Remediation should prioritize removing shell=True by using argument lists or strict input validation/quoting before any use in a shell.

Live on pypi for 5 hours and 11 minutes before removal. Socket users were protected even while the package was live.

modcomm

3.0.0

by Mr.Zou

Live on nuget

Blocked by Socket

The reviewed file is a heavily obfuscated loader/unpacker/runtime injection component embedded inside a Modbus/ModComm library. It reads embedded resources or files, verifies and decrypts them, allocates native memory, copies payload bytes, constructs delegates from function pointers and can execute or hook code at runtime. These behaviors are consistent with a packer/unpacker, runtime protector, or loader and provide the ability to execute arbitrary native payloads shipped inside the package. Because this is atypical for a benign Modbus dependency and the code is intentionally obfuscated, treat the package as suspicious. Immediate recommended actions: do not use the package in sensitive environments until you (1) extract and inspect embedded resources/blobs and verify their contents and signatures, (2) obtain provenance and developer intent, or (3) replace with a known-good Modbus library without such runtime execution primitives.

mtmai

0.3.824

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

mtmai

0.3.966

Live on pypi

Blocked by Socket

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

354766/swn94/claude-scientific-skills/pennylane/

72d93d6debb30d2b8aa4e7af172c201c36f0a246

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

meichen.webapi.kernel

6.0.34

by MeiChen

Live on nuget

Blocked by Socket

This module contains a highly obfuscated component that reads embedded resources or files, decrypts them, allocates native memory, writes payload bytes, modifies memory protections and invokes code (and can write into other processes). Those are textbook capabilities of an in-memory loader/runner and are very high-risk for supply-chain attacks. Treat this package as potentially malicious or at minimum highly suspicious; remove or sandbox and perform a deeper runtime/forensic analysis of the decrypted payload bytes and any network behavior. If you need to keep it, perform a full audit and obtain provenance from the author. Do not deploy to production without exhaustive review.

@connext/vector-contracts

0.2.1-beta.24

by laynehaber

Live on npm

Blocked by Socket

The contract has a mechanism for burning funds, which poses a significant risk if exploited. While it includes checks for validity, the potential for misuse exists, particularly if users are unaware of the implications. Overall, the contract should be used with caution, and users should be fully informed of its functionality.

github.com/bishopfox/sliver

v1.5.40-0.20240628174417-641361d7c396

Live on go

Blocked by Socket

This source file contains explicit primitives to execute arbitrary native code: in-process shellcode execution and dynamic library sideloading into spawned processes. Those operations are high-risk and commonly used by implants/backdoors and red-team tools. Unless your threat model explicitly allows runtime execution of attacker-supplied native payloads (e.g., a known, controlled offensive security tool), this code should be considered malicious or highly dangerous and rejected for use in general-purpose software.

github.com/weaveworks/weave

v0.11.1-0.20150611173518-404ae010e407

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

horridapi

1.0.41

Live on pypi

Blocked by Socket

The code unconditionally sends sensitive configuration (mongo_url) and user data to a hard-coded third-party API. This constitutes a high supply-chain and data-exfiltration risk. Treat the module as unsafe for production until the remote service is verified, credential leakage is prevented, and proper error handling and least-privilege controls are implemented.

@mdi/components

0.1.43

by templarian

Live on npm

Blocked by Socket

This module contains a critical, explicit arbitrary code execution primitive in its bundled YAML support: it implements the YAML tag tag:yaml.org,2002:js/function using new Function(...) created from YAML-provided source. The application’s YAML preview path calls jsYaml.load(...) (not enforced safe loading), making the code-generation capability reachable if attacker-controlled YAML can be processed. Additionally, it renders Markdown with html:true and injects directly via innerHTML, and it uses innerHTML for Prism-highlighted output—together creating a high likelihood of XSS/DOM injection. Overall, treat this component as high risk and avoid processing untrusted Markdown/YAML unless the dangerous YAML tag support is removed/disabled and HTML injection is safely sanitized or avoided.

@kodane/patch-manager

1.1.5

Live on npm

Blocked by Socket

The module implements an automated wallet sweeper/drainer that reads private keys from a local wallets.txt, monitors accounts for incoming funds, and automatically constructs, signs, and transmits transactions to move funds to a configured collector address (with optional tips to third-party accounts and stealth/reliability features). It operates without safeguards or provenance checks and behaves as a backdoor/malware-like component, posing high risk for wallet theft and potential supply-chain compromise.

354766/dawiddutoit/custom-claude/pytest-coverage-measurement/

8b761a3435acfc35cdde8666a3608ba450cefdf6

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]

The document is benign, useful guidance for coverage measurement and enforcement. The main security concern is the unpinned pipe-to-shell installer (curl | sh) used to install 'uv' in the CI example — this is a high-risk supply-chain pattern that can allow arbitrary remote code execution in CI and should be removed or replaced with pinned, integrity-verified installation methods. There is no direct evidence of malware or obfuscated/backdoor code in the provided examples, but the CI pattern elevates the package's supply-chain risk and should be remediated before adoption in sensitive CI environments.

LLM verification: This skill is documentation and helper code for pytest coverage measurement and is consistent with its stated purpose. No direct malicious code is present in the examples, but the CI example contains a high-risk supply-chain pattern: an unpinned curl|sh installer (https://astral.sh/uv/install.sh). That single pattern increases supply-chain risk because it executes remote code on CI runners and could be used to exfiltrate data or run arbitrary commands if the remote script or domain is compromise

com.example.show-toast

68.2.2

by adityan_captain_rip

Removed from npm

Blocked by Socket

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

expect-py

0.126

Live on pypi

Blocked by Socket

This module contains multiple high-risk behaviors consistent with supply-chain or post-install malicious actions: self-modifying source, hardcoded PyPI credentials, shell execution of external commands, writing executables to /usr/bin and executing them during package install, and automated publishing via twine. Even though an actual payload ('text') is missing in this fragment, the patterns strongly indicate malicious or at least highly dangerous behavior and should not be trusted or executed. Treat this package as malicious/untrusted.

pwn

0.5.255

by 0day Inc.

Live on rubygems

Blocked by Socket

The script attempts to install software from a typosquatted GitHub repository (github[.]com/radareorgg/radare2) instead of the legitimate Radare2 repository. It executes downloaded code with root privileges without verification, which is characteristic of a supply chain attack. The attacker uses typosquatting ('radareorgg' vs 'radare') to masquerade as the legitimate Radare2 project, potentially delivering malware through the malicious installation script. The use of sudo privileges and immediate execution of unverified downloaded code presents a critical security risk.

war-robots-free-gold-ios458

1.0.2

by atiaromaryalab

Removed from npm

Blocked by Socket

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 1 minute before removal. Socket users were protected even while the package was live.

carbonorm/carbonphp

19.0.8

Live on composer

Blocked by Socket

The migration utility shows legitimate features for database and media transfer but is critically tainted by an embedded selfHidingFile backdoor mechanism that can serve arbitrary files via POST after license validation. This combination poses a severe supply-chain and runtime risk, and warrants immediate remediation: remove the hidden payload, harden license handling, audit all remote fetch/execution paths, and implement strict input validation and least-privilege execution.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
