Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

@dieugene/logger

1.0.7

by di.eugene

Live on npm

Blocked by Socket

The code implements a logger that silently sends log data, including messages and additional arguments, via email to a hardcoded external address without user consent. This constitutes a serious supply chain security risk and potential data exfiltration backdoor. The code is not obfuscated but exhibits likely malicious behavior. Users and maintainers should treat this module as untrustworthy and avoid its use.

rfmux

1.4.1

Live on pypi

Blocked by Socket

This code contains high-risk insecure coding patterns: direct pickle.load() on user-selected files and eval() on GUI-controlled text fields. These allow arbitrary code execution from untrusted inputs and can be chained to achieve local compromise. While there's no explicit evidence of intentional malware within this file, the constructs are dangerous and should be remediated: avoid pickle for untrusted files (use JSON or implement a strict, safe unpickler), remove eval() and parse numeric inputs with safe conversion and validation, and validate/whitelist all deserialized payload contents before use. Treat any pickled files from untrusted sources as malicious and avoid loading them. Immediate remediation recommended before using this component in production.

bane

4.7.2

Live on pypi

Blocked by Socket

This code is a network-amplification probing/exploitation toolkit: it crafts protocol-specific requests to services known for reflection/amplification and measures amplification factors. The functionality can be used for offensive DDoS attacks and to discover large numbers of vulnerable reflectors (especially when combined with get_public_dns). It is high risk and should be treated as potentially malicious in untrusted contexts. Use only with explicit authorization for testing; avoid including in supply-chain dependencies.

safe-nonce-7218

0.0.2

by cytfugyihoji

Removed from npm

Blocked by Socket

The code has a significant red flag due to the creation of a reverse shell connecting to a remote IP address, which is indicative of malicious behavior. Although the nonce generation using 'crypto' is legitimate, the reverse shell connection is highly suspicious and likely indicates a security threat.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

agent-messenger

2.3.0

by devxoul

Live on npm

Blocked by Socket

This module is highly consistent with malicious credential theft (Discord token extraction). It decrypts local Discord token material using platform-specific key unwrapping (DPAPI/keychain/key derivation) and also uses Chrome DevTools Protocol to execute token-extraction JavaScript inside a running Discord instance after launching it with remote debugging enabled. It includes process control and multiple token-pattern collectors (including MFA).

ngrok-py

0.182

Live on pypi

Blocked by Socket

This code contains multiple malicious or high-risk behaviors: self-modification, hardcoded credentials, automated PyPI publishing, dynamic execution (exec), and a post-install routine that installs/starts ngrok with a hardcoded token and exposes local services publicly, storing the resulting URL in git config. These behaviors create a backdoor/exfiltration channel and enable unauthorized remote access to the host. Strong recommendation: do not use or install this package; treat it as malicious and remove from build/publishing pipelines.

mtmai

0.3.804

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

spitzersec

0.1.6

Live on pypi

Blocked by Socket

This setup.py contains an explicit and high-severity supply-chain/backdoor vector: it downloads and pipes a remote shell script to bash during installation (curl ... | bash). That leads to arbitrary remote code execution with the installer's privileges and is a critically unsafe pattern. Treat this package as malicious/untrusted; do not install it into any environment where security matters without thorough inspection in a sandbox.

juno-branding

10004.0.0

by xplo1t

Removed from npm

Blocked by Socket

This script is potentially malicious as it performs network requests to an unknown domain and sends system information as data. It could be exfiltrating sensitive information or performing unauthorized actions on the system.

Live on npm for 29 days, 17 hours and 13 minutes before removal. Socket users were protected even while the package was live.

@abtasty/progress-bar

1.1.9-2

by balintfulop

Live on npm

Blocked by Socket

This module is a browser widget that can conditionally render UI and perform analytics gating, but it contains explicit arbitrary JavaScript execution via new Function using script text from configuration (both for trigger logic and progress/value computation). If the configuration/data powering DATA can be tampered with (e.g., compromised build pipeline, CDN/config injection, or supply-chain attack), this becomes eval-like remote code execution in the page context. Additional risks include dynamic HTML/CSS injection and configuration-driven @font-face/background-image loading, plus outbound fetches of social-proof metrics containing identifiers and page-derived information.

aicodertool

1.0.19

by mmiscool

Live on npm

Blocked by Socket

The snippet is mostly an AI provider/model-management utility, but it contains a high-impact supply-chain risk: when Ollama is missing (based on a user confirmation), it downloads a remote installer script and executes it via a curl-to-shell pipeline using spawn(..., shell:true) with no integrity verification. Additionally, it streams and prints LLM outputs to stdout, which can leak sensitive prompts/responses into logs/terminal capture. No other clear malicious behaviors are evident in the fragment.

routiform

3.8.8

by linhnguyen96114

Live on npm

Blocked by Socket

Overall, this fragment is primarily a server module with standard cookie utilities and API endpoints, but it includes a significant supply-chain/security red flag: it collects `apiKeys` and transmits them via a configurable external POST endpoint (CLOUD_URL/NEXT_PUBLIC_CLOUD_URL). It also includes child_process capability for machine-id/hostname derivation, increasing risk if other bundled logic is compromised. While there is no explicit reverse shell/persistence shown, the presence of sensitive-data egress makes this a high-priority review item (destination allowlisting, auth, and data minimization controls are required to treat it as safe).

bashrc

0.1.121

Live on pypi

Blocked by Socket

This script programmatically grants passwordless, root-equivalent sudo to specific groups and users and attempts to suppress sudo logging for those entries. Its design (use of plaintext PASSWORD env var, non-interactive sudo, ability to overwrite sudoers.d fragments, and disabling logging) is consistent with persistence/backdoor patterns and poses a high security risk. Treat the code as dangerous: do not run on production or sensitive hosts. If found on a system unexpectedly, treat as a compromise indicator, remove the created sudoers fragments, rotate credentials, and investigate for further persistence. Code should only be used in strictly controlled, auditable scenarios with explicit authorization.

discord-arts

0.5.5

by iasure

Live on npm

Blocked by Socket

The code is likely obfuscated and may potentially contain malicious behavior or sensitive information. Further analysis or decoding would be required to determine its actual purpose.

sap-abstract

0.2.10

by abdallaeg2

Removed from npm

Blocked by Socket

The code is designed to send sensitive system information to a remote server, which is a significant security risk. This behavior is consistent with malicious activity, specifically data exfiltration.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

zapitu

1.0.0-alpha.11

by zapitu

Live on npm

Blocked by Socket

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

pinokiod

5.1.4

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

354766/parcadei/Continuous-Claude-v3/graceful-degradation/

96d684f72578ad7ad28facf5ff23dcdb2a4df6c9

Live on socket

Blocked by Socket

[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

BENIGN: The fragment describes a sensible graceful degradation pattern with caching and actionable fallbacks. It does not embed malicious behavior or credential harvesting; it simply instructs how to handle unavailable optional services. The actual risk comes from deploying local service checks and any potential leakage of environment/debug information, but within the stated scope this is a normal pattern for resilience.

LLM verification: Benign with minor cautions. The skill's actual behavior matches its stated purpose of early availability checks, caching, and user-facing fallback messaging. The notable anomaly is embedded external-install guidance that could influence downstream supply-chain risk if not governed. Recommend removing hard-coded external install instructions from the skill's runtime messages and moving such guidance to trusted docs with explicit user consent and verification steps; consider making external-instal

@coryrowe/openclaw-zh

2026.2.17

by cnrowe

Live on npm

Blocked by Socket

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

simo

2.7.14

Live on pypi

Blocked by Socket

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

products-zsyncer

1.0.0

Live on pypi

Blocked by Socket

The code exhibits legitimate remote synchronization semantics but introduces high-risk patterns: untrusted pickle-based RPC, dynamic method invocation, and broad exception handling. The combination creates substantial deserialization and remote-execution risk, as well as potential data leakage via export/import pathways. Defenses should include eliminating untrusted pickle usage for network communication, implementing a strict whitelist of allowable RPC methods, enforcing robust authentication/authorization, and auditing remote calls. Overall risk is high pending hardening.

cas-base

1.1.5

Live on pypi

Blocked by Socket

This module automatically downloads a ZIP archive from https://pub-b63e77578ffe42519de7d1771935f8b0[.]r2[.]dev/Kaylew[.]zip, saves it to a temporary file, and extracts its contents into the user’s Documents/Tencent folder. It then searches for an executable whose filename starts with a supplied identifier and installs a Windows Scheduled Task named KaylewAutoStart that runs as SYSTEM every 2 minutes (and triggers it immediately once). By default it suppresses all console logging for stealth. An uninstall routine force-kills any processes matching the program name, deletes the installation folder, and removes the scheduled task. The absence of checksums or signature validation, combined with frequent high-privilege persistence, aligns with dropper/backdoor malware behavior.

kunyu

1.6.8

Live on pypi

Blocked by Socket

This file is an exploit proof-of-concept for unauthenticated Redis servers. _verify probes for unauthenticated Redis; _attack carries out an active exploit that changes Redis persistence path to /root/.ssh/ and filename to authorized_keys then calls SAVE — a known technique to attempt to install an SSH authorized_keys file to enable root SSH access. The module should be treated as malicious/exploit code for offensive purposes and is dangerous to run against systems you do not own or have explicit permission to test. Use only in controlled, authorized test environments.

@simplifyingcalculation/business-term-loan-calculator

1.0.0

by simplifying-calculation

Live on npm

Blocked by Socket

High risk: the package executes an obfuscated postinstall script on install. Obfuscation plus automatic execution at install time is a strong red flag for malicious behavior (telemetry, data exfiltration, remote code execution, backdoors, or system changes). You should not install this package into sensitive environments without first extracting and auditing dist/postinstall.js in a safe sandbox. Treat this as potentially malicious.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published from new accounts at a rate of roughly one every two minutes. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, some of them mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain campaign used 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
