Secure your dependencies. Ship with confidence.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This code fragment is structured as an exploit/probing module targeting remote command execution: it sends a crafted TCP payload containing an `nslookup` command with a randomized token, then waits and verifies success via an out-of-band HTTP logging endpoint that should return 'YES' for that token. While the payload-construction line appears corrupted (which may prevent it from functioning as-is) and the __main__ invocation looks malformed, the overall design and behavior patterns strongly indicate malicious/weaponized scanning capability rather than legitimate debugging.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module is an MCP agent exposing many powerful device-control and data-access endpoints over stdio. The snippet contains no explicit obfuscation or hardcoded secrets and no direct evidence of malicious payloads inside this file, but it creates a high-risk remote-control surface. If the stdio transport or the MCP controller is not strongly authenticated and isolated, these endpoints enable surveillance and exfiltration (contacts, messages, screenshots, recordings) and remote actions (calls, app launches). Recommend auditing the FastMCP transport configuration, ensuring authentication/authorization, reviewing the implementations of the imported tools for any outgoing network/I/O, and applying least-privilege principles before deploying.

Live on pypi for 5 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and transmitting system information to a suspicious domain. The use of obfuscation further indicates an attempt to conceal its true purpose. This poses a significant security risk.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

This script is high-risk: it will consume arbitrary amounts of disk space and, due to a variable typo in the removal step, is likely to leave the filesystem filled. Combined with nohup, the effect can persist beyond the invoking session and cause denial-of-service. There is no sign of data exfiltration or network-based maliciousness, but the destructive behavior and lack of safeguards make it unsafe to run on production or multi-user systems. Treat as potentially malicious or at minimum dangerous test code and do not execute without strict containment and validation.

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The script enables a plausible supply-chain attack by allowing an attacker-controlled binary provided via $1 to be copied into the Cargo bin directory and used to shadow or replace cargo-binstall during self-update cycles. The lack of integrity checks, input validation, and signature verification significantly elevates risk, making remote code execution or persistent backdoors feasible through trusted tooling. Recommendation: prohibit overwriting core tooling, verify hashes/signatures of all binaries, validate the origin of $1, and remove or constrain the ability to modify CARGO_HOME/bin during tool updates.

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

This module exhibits clear malicious behaviors: it installs a per-user persistent service by writing and starting a systemd unit and a Python payload, harvests npm authentication tokens from disk, environment and npm config, and attempts to hand those tokens to a deploy.js process via environment variables in a detached/hidden process. The presence of a hardcoded base64 payload and secret-harvesting logic combined with persistence and hidden execution is consistent with a malicious backdoor/exfiltration component. I recommend treating this package as malicious and not using it; remove it from systems where it ran and inspect the decoded Python payload and any spawned processes for further compromise.

Live on npm for 6 days, 12 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This module is malicious or at minimum dangerously unsafe for use. It contains hardcoded PyPI credentials, self-modifies its own source, writes to system/site-package files (including os.path.__file__), runs arbitrary shell commands (including rm -rf), and automates package publishing via twine. These are strong indicators of supply-chain attack, credential misuse, and sabotage. Do not run or install this package; treat it as high-risk and remove from any build or CI processes.

High-risk and likely malicious behavior. The `password-recovery` hook performs sensitive credential harvesting by scanning raw disk (/dev/sda) and searching the application directory (/app) for PASSWORD patterns, writing results to /tmp. The `git-leak-recovery` hook performs secrets recovery-style operations (git reflog/log extraction and copying .git). Additionally, the code hardcodes an API key in the generated config. While the snippet contains apparent formatting/corruption errors, the dangerous command payloads are clearly present; this should be treated as a security alert and reviewed/blocked before use.

This bootstrap wrapper forcibly redirects 'login' and 'publish' operations to a hard-coded external registry (https://registry-pxnpm.rdc.q7b.site:20023) by mutating process.argv. Redirecting only credential- and publish-bearing commands is highly suspicious and consistent with credential harvesting or a malicious supply-chain redirect. The rest of the script shows typical CLI setup, but the selective registry override is a strong red flag. Treat the package as compromised until provenance of the registry and the package's dist files are validated.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

This script exfiltrates sensitive system information and credentials to an external server. It collects OS details (username, hostname, platform, release, architecture) and critically captures ALL environment variables (process.env), which typically contain API keys, database credentials, and authentication tokens. The data is JSON-encoded, base64-wrapped, and transmitted via HTTPS POST to an obfuscated external domain (oastify[.]com). The code employs heavy obfuscation including hex-encoded strings for module names ('os', 'https'), property names, and the destination hostname. Response handlers are deliberately empty to avoid leaving traces. This is credential-harvesting malware that poses severe security risk - any secrets in environment variables on affected systems should be immediately rotated.

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

This bundled SweetAlert2 library (v10.16.7) contains a known protestware payload embedded in the distribution. The malicious code block activates only for users whose browser language starts with 'ru' (Russian) and whose site hostname matches Russian TLDs (.ru, .su, .xn--p1ai). It uses localStorage key 'swal-initiation' to persist a timestamp and implements a 3-day delay before triggering the payload. When activated, the payload: (1) sets document.body.style.pointerEvents='none', globally disabling all mouse/touch interaction on the page; (2) creates an HTML audio element with src='https://flag-gimn[.]ru/wp-content/uploads/2021/09/Ukraina[.]mp3', sets loop=true, appends it to document.body, and calls play() after a 2.5-second delay. This results in an externally-hosted political audio file being fetched and played on loop while the user is unable to interact with the page. The payload is unrelated to the library's modal/dialog functionality, contacts a third-party domain without user consent, and constitutes a deliberate supply-chain compromise. There is no mechanism to revert the pointerEvents change, no opt-out, and no disclosure. This version should be treated as poisoned and removed immediately.

The code exhibits potential security risks related to user authentication and data handling, particularly with the CAPTCHA cracking functionality. While there are no clear indicators of malware, the use of external libraries and dynamic code execution raises concerns. The overall risk is moderate, and further scrutiny is recommended.

Live on pypi for 213 days, 23 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This file contains a malicious backdoor that performs automated data exfiltration. The malware enumerates all local/persistent storage keys and values, then periodically transmits this collected data to an external Supabase project at https://rsntwsmehscwiwqfxlsm[.]supabase[.]co using a hard-coded service key (eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9[.]eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InJzbnR3c21laHNjd2l3cWZ4bHNtIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MjU5MDc0ODEsImV4cCI6MjA0MTQ4MzQ4MX0[.]IZ0QAIOJ3wXVEEe58SKDATq0QCJMS3PoFROsqev2DDE). The exfiltration occurs every 10 seconds in an infinite loop that begins immediately when the module is loaded. The malware appends itself to otherwise legitimate Supabase client library code, representing a supply-chain attack. Local storage data typically contains session tokens, API keys, refresh tokens, and other sensitive credentials, making this a severe data breach risk. The backdoor operates without user consent or awareness and runs continuously while the process is active.

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

This SQLite database file contains embedded explicit adult content and torrent distribution infrastructure instead of legitimate data. The file includes extensive HTML fragments with pornographic video metadata, download links to torrent files, and suspicious redirect URLs. Key malicious domains identified include rmdown[.]com, redircdn[.]com, 97p[.]org, qpic[.]ws, imgbox[.]com, and various other image hosting services. The content contains hash values for torrent files, BitTorrent magnet links, and obfuscated download URLs using multiple redirect layers to mask the true destinations. This represents a supply chain attack where adult content distribution infrastructure has been embedded within what appears to be a standard database file, potentially exposing users to inappropriate content and malicious download sites when accessed.

This code fragment is structured as an exploit/probing module targeting remote command execution: it sends a crafted TCP payload containing an `nslookup` command with a randomized token, then waits and verifies success via an out-of-band HTTP logging endpoint that should return 'YES' for that token. While the payload-construction line appears corrupted (which may prevent it from functioning as-is) and the __main__ invocation looks malformed, the overall design and behavior patterns strongly indicate malicious/weaponized scanning capability rather than legitimate debugging.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This module is an MCP agent exposing many powerful device-control and data-access endpoints over stdio. The snippet contains no explicit obfuscation or hardcoded secrets and no direct evidence of malicious payloads inside this file, but it creates a high-risk remote-control surface. If the stdio transport or the MCP controller is not strongly authenticated and isolated, these endpoints enable surveillance and exfiltration (contacts, messages, screenshots, recordings) and remote actions (calls, app launches). Recommend auditing the FastMCP transport configuration, ensuring authentication/authorization, reviewing the implementations of the imported tools for any outgoing network/I/O, and applying least-privilege principles before deploying.

Live on pypi for 5 hours and 58 minutes before removal. Socket users were protected even while the package was live.

The code poses a significant security risk and should be reviewed. It is recommended to remove unnecessary imports, verify the contents of the data folder and the WordPress websites before proceeding, and avoid using hardcoded credentials for WordPress login.

Live on npm for 1 hour and 22 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and transmitting system information to a suspicious domain. The use of obfuscation further indicates an attempt to conceal its true purpose. This poses a significant security risk.

Live on npm for 58 minutes before removal. Socket users were protected even while the package was live.

This script is high-risk: it will consume arbitrary amounts of disk space and, due to a variable typo in the removal step, is likely to leave the filesystem filled. Combined with nohup, the effect can persist beyond the invoking session and cause denial-of-service. There is no sign of data exfiltration or network-based maliciousness, but the destructive behavior and lack of safeguards make it unsafe to run on production or multi-user systems. Treat as potentially malicious or at minimum dangerous test code and do not execute without strict containment and validation.

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

The script enables a plausible supply-chain attack by allowing an attacker-controlled binary provided via $1 to be copied into the Cargo bin directory and used to shadow or replace cargo-binstall during self-update cycles. The lack of integrity checks, input validation, and signature verification significantly elevates risk, making remote code execution or persistent backdoors feasible through trusted tooling. Recommendation: prohibit overwriting core tooling, verify hashes/signatures of all binaries, validate the origin of $1, and remove or constrain the ability to modify CARGO_HOME/bin during tool updates.

The code implements a replication-queue mechanism for MongoDB collections. It does not contain obvious remote-exfiltration, cryptomining, or backdoor network connections. However, it uses eval() to convert string-encoded arguments coming from queued DB documents into Python objects before calling replica operations. This is a high-risk code-execution vector: any attacker or process that can insert or tamper with queue/error documents (or cause untrusted strings to be persisted) can execute arbitrary Python code in the process and then cause arbitrary actions on the replica DB. Other issues are some implementation bugs (non-returning __getattr__) and broad exception handling. Recommend removing eval(), replacing it with safe parsing (json), validating queued data, and ensuring only trusted code writes to the queue/error collections.

This module exhibits clear malicious behaviors: it installs a per-user persistent service by writing and starting a systemd unit and a Python payload, harvests npm authentication tokens from disk, environment and npm config, and attempts to hand those tokens to a deploy.js process via environment variables in a detached/hidden process. The presence of a hardcoded base64 payload and secret-harvesting logic combined with persistence and hidden execution is consistent with a malicious backdoor/exfiltration component. I recommend treating this package as malicious and not using it; remove it from systems where it ran and inspect the decoded Python payload and any spawned processes for further compromise.

Live on npm for 6 days, 12 hours and 36 minutes before removal. Socket users were protected even while the package was live.

This module is malicious or at minimum dangerously unsafe for use. It contains hardcoded PyPI credentials, self-modifies its own source, writes to system/site-package files (including os.path.__file__), runs arbitrary shell commands (including rm -rf), and automates package publishing via twine. These are strong indicators of supply-chain attack, credential misuse, and sabotage. Do not run or install this package; treat it as high-risk and remove from any build or CI processes.

High-risk and likely malicious behavior. The `password-recovery` hook performs sensitive credential harvesting by scanning raw disk (/dev/sda) and searching the application directory (/app) for PASSWORD patterns, writing results to /tmp. The `git-leak-recovery` hook performs secrets recovery-style operations (git reflog/log extraction and copying .git). Additionally, the code hardcodes an API key in the generated config. While the snippet contains apparent formatting/corruption errors, the dangerous command payloads are clearly present; this should be treated as a security alert and reviewed/blocked before use.

This bootstrap wrapper forcibly redirects 'login' and 'publish' operations to a hard-coded external registry (https://registry-pxnpm.rdc.q7b.site:20023) by mutating process.argv. Redirecting only credential- and publish-bearing commands is highly suspicious and consistent with credential harvesting or a malicious supply-chain redirect. The rest of the script shows typical CLI setup, but the selective registry override is a strong red flag. Treat the package as compromised until provenance of the registry and the package's dist files are validated.

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

This script exfiltrates sensitive system information and credentials to an external server. It collects OS details (username, hostname, platform, release, architecture) and critically captures ALL environment variables (process.env), which typically contain API keys, database credentials, and authentication tokens. The data is JSON-encoded, base64-wrapped, and transmitted via HTTPS POST to an obfuscated external domain (oastify[.]com). The code employs heavy obfuscation including hex-encoded strings for module names ('os', 'https'), property names, and the destination hostname. Response handlers are deliberately empty to avoid leaving traces. This is credential-harvesting malware that poses severe security risk - any secrets in environment variables on affected systems should be immediately rotated.

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

This bundled SweetAlert2 library (v10.16.7) contains a known protestware payload embedded in the distribution. The malicious code block activates only for users whose browser language starts with 'ru' (Russian) and whose site hostname matches Russian TLDs (.ru, .su, .xn--p1ai). It uses localStorage key 'swal-initiation' to persist a timestamp and implements a 3-day delay before triggering the payload. When activated, the payload: (1) sets document.body.style.pointerEvents='none', globally disabling all mouse/touch interaction on the page; (2) creates an HTML audio element with src='https://flag-gimn[.]ru/wp-content/uploads/2021/09/Ukraina[.]mp3', sets loop=true, appends it to document.body, and calls play() after a 2.5-second delay. This results in an externally-hosted political audio file being fetched and played on loop while the user is unable to interact with the page. The payload is unrelated to the library's modal/dialog functionality, contacts a third-party domain without user consent, and constitutes a deliberate supply-chain compromise. There is no mechanism to revert the pointerEvents change, no opt-out, and no disclosure. This version should be treated as poisoned and removed immediately.

The code exhibits potential security risks related to user authentication and data handling, particularly with the CAPTCHA cracking functionality. While there are no clear indicators of malware, the use of external libraries and dynamic code execution raises concerns. The overall risk is moderate, and further scrutiny is recommended.

Live on pypi for 213 days, 23 hours and 18 minutes before removal. Socket users were protected even while the package was live.

This file contains a malicious backdoor that performs automated data exfiltration. The malware enumerates all local/persistent storage keys and values, then periodically transmits this collected data to an external Supabase project at https://rsntwsmehscwiwqfxlsm[.]supabase[.]co using a hard-coded service key (eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9[.]eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InJzbnR3c21laHNjd2l3cWZ4bHNtIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MjU5MDc0ODEsImV4cCI6MjA0MTQ4MzQ4MX0[.]IZ0QAIOJ3wXVEEe58SKDATq0QCJMS3PoFROsqev2DDE). The exfiltration occurs every 10 seconds in an infinite loop that begins immediately when the module is loaded. The malware appends itself to otherwise legitimate Supabase client library code, representing a supply-chain attack. Local storage data typically contains session tokens, API keys, refresh tokens, and other sensitive credentials, making this a severe data breach risk. The backdoor operates without user consent or awareness and runs continuously while the process is active.

This module is a purpose-built destructive utility: given a user-supplied directory, it enumerates all files ending in .zip and corrupts them by truncating them to half their size and appending deterministic junk data. The absence of safeguards (dry-run/confirmation/allowlists) and the deliberate sabotage operations make this strongly indicative of malicious intent within a supply-chain context, even though it does not show typical malware capabilities like networking or data exfiltration.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 1 hour and 1 minute before removal. Socket users were protected even while the package was live.

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.