
Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0
left-pad: stevemao published 1.3.0
react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

zuu 25.8.18 | Live on pypi | Blocked by Socket

The code constructs a file path to access the Clipchamp application's private IndexedDB storage directory in the Windows user profile AppData folder. It uses os.getlogin() to retrieve the current username and formats it into a hardcoded path template targeting Clipchamp's LocalState data directory. IndexedDB typically contains user projects, media files, preferences, and other sensitive application data. This represents unauthorized access to another application's private data storage, constituting potential data theft. The code contains a syntax error (a missing closing parenthesis) but shows clear malicious intent to access user data without authorization.

dnszlsk/muad-dib 343652f2374d175379e2fae5da9dfcb81d910c8a | Live on actions | Blocked by Socket

The install script triggers execution of index.js immediately after installation and the package metadata explicitly names it a reverse shell. This is almost certainly malicious: it enables untrusted remote code execution and access (reverse shell), posing severe risks including data exfiltration and system compromise. Do not install; inspect and remove the package and any network connections if already installed.

ailever 0.2.827 | Live on pypi | Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

pyserved 0.4 | Live on pypi | Blocked by Socket

The module is a minimal, plaintext TCP file-transfer client that will read arbitrary local files and send their name and contents to a remote host specified interactively. The code is not obfuscated but is highly capable of data exfiltration if executed in an environment with sensitive files and a malicious or untrusted remote endpoint. No hard-coded backdoors or credentials were found, but the combination of unrestricted file reads, plaintext network transmission, and missing safeguards yields a high practical security risk. Treat this script as potentially dangerous in hostile environments; only run it when the remote endpoint and file selections are trusted.

js-uponcaps 7.2.7 by tomas510727 | Live on npm | Blocked by Socket

This heavily obfuscated script searches a user's home and system directories for browser profiles (Brave, Chrome, Firefox, Opera, Edge), credential stores (Login Data, Local State, keychain files on macOS, Windows credential databases), crypto wallets (Exodus, Solana, .wallet files), extensions and leveldb files, then stages them under a hidden folder (~/.n3 or an OS-specific tmp directory) and sends them in multipart HTTP POSTs to an external server at http://23[.]227[.]202[.]24. It also fetches and extracts remote payloads (via tar -xf), invokes python3 or other executables with child_process.exec, and includes timer/retry logic to persist and repeat the exfiltration. The combination of obfuscation, targeted file lists, local staging, and clear exfiltration to a hard-coded IP confirms this is malware.

gitbook-plugin-zingchart 2.1.0 by csorenson | Live on npm | Blocked by Socket

High likelihood of malicious or at least highly suspicious activity due to heavy obfuscation and dynamic evaluation. The fragment relies on an eval-based unpacking routine to reconstruct and execute code, which is a classic indicator of potential backdoors, data exfiltration, or other harmful runtime actions. Without a clean, documented, and deobfuscated version, the code should be treated as a potential security risk and avoided in supply chains unless thoroughly analyzed in a controlled environment (e.g., dynamic analysis in a sandbox).

shancx 1.8.17 | Removed from pypi | Blocked by Socket

The code exhibits several security risks, particularly in the sendEmail function, which could lead to data exfiltration. The presence of hardcoded values and the lack of input validation raise concerns about potential malicious behavior. Overall, the code should be reviewed and modified to mitigate these risks.

Live on pypi for 106 days, 22 hours and 10 minutes before removal. Socket users were protected even while the package was live.

354766/jaganpro/sf-skills/sf-data/ 69736b4e30be25396e803f4e25c67052cd16ebf5 | Live on socket | Blocked by Socket

[Skill Scanner] Installation of third-party script detected. This sf-data skill is functionally consistent with its stated purpose (Salesforce data operations). I did not find embedded malicious code or obfuscation in the provided skill content. Primary risks stem from operational behaviors: PreToolUse/PostToolUse execute local Python scripts (arbitrary code execution risk) and an optional dependency points to a personal GitHub repo (supply-chain trust required). Recommend: review any hook scripts before use and audit the referenced GitHub plugin before installing. Use ephemeral orgs or strict least-privilege credentials when testing destructive operations.

LLM verification: This SKILL.md describes a legitimate Salesforce data operations skill whose capabilities (SOQL, CRUD, bulk operations, test-data generation) align with the tools it references (sf CLI, templates, .apex files). There is no evidence in the provided text of obfuscation, credential harvesting, or third-party exfiltration. However, the skill is inherently high-risk operationally because it can execute destructive operations (DELETE, bulk imports/exports, anonymous Apex) against remote Salesforce orgs

github.com/weaveworks/weave v1.4.7-0.20160328142417-095d7e54c3be | Live on go | Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

@inkeep/agents-manage-ui 0.0.0-dev-20260409192310 by nick-inkeep | Live on npm | Blocked by Socket

High-severity client-side security issue: the code fetches remote SVG/XML, injects it into the DOM, and—when configured—extracts embedded <script> content from that SVG and executes it via Function(...)(window). This constitutes a direct remote-code-execution/DOM-XSS primitive in the browser. Other parts (AI/gateway streaming/schema validation) look functionally typical, with their main contribution being expanded impact of any compromise, but the dominant risk is the SVG script evaluation/execution mechanism.

imagecomponents.win32.imaging 3.5.0.3 by Image Components | Live on nuget | Blocked by Socket

The code is heavily obfuscated and implements cryptographic unpacking, integrity checks, dynamic method creation and direct native process memory operations (VirtualAlloc/OpenProcess/WriteProcessMemory). Those native sinks are consistent with process injection or in-memory payload loading. While some of this may be part of an aggressive licensing/anti-tamper/protection mechanism, the combination of runtime decryption, hidden embedded blobs, and writing/executing memory in other processes is a strong malicious indicator unless explicitly documented and justified by the vendor. I recommend treating this package as high risk: require source provenance, vendor justification for native memory/write operations and a full dynamic/runtime analysis of the decrypted payload before use in production.

exp10it 2.5.46 | Live on pypi | Blocked by Socket

This source code is a malicious exploit script designed to remotely install a PHP webshell (vvv<?php eval($_POST[zzz]);?>) on a target web server by delivering an eval-wrapped, chr()-encoded payload via the HTTP User-Agent header and then verifying installation. Despite syntactic errors in the provided fragment, the intent, payload, and delivery mechanism are clear. Do not run this code; treat any occurrences as a high-risk compromise indicator and remove/report accordingly.

groove-dev 0.19.4 by groove-ai | Live on npm | Blocked by Socket

This fragment implements the core mechanics of a WebSocket-based interactive terminal/session controller: it dynamically selects a shell/interpreter, forwards client-controlled input directly into a spawned process stdin, and streams resulting output/errors back over the network. That is a high-risk remote command execution pattern consistent with backdoors/remote shells unless tightly access-controlled and strongly sandboxed elsewhere. No explicit obfuscation is present in the shown code, and there is no direct evidence of credential theft in this fragment, but the capability itself is very dangerous.

luksdk-web 1.1.15 by luksdk | Live on npm | Blocked by Socket

The analyzed fragment demonstrates a highly invasive runtime tampering mechanism that intercepts and rewrites script loading and asset retrieval inside an iframe, driven by engine version checks and cross-window communication. While some aspects could reflect a legitimate integrity-assurance approach, the combination of extensive API overrides, resource redirection via blob URLs, and exfiltration-like backchannel communications presents substantial supply-chain and runtime security risks. Treat this as high-risk and thoroughly verify origin and intent before integrating into any public or shared library. Prefer containment or sandboxing, and consider removing or replacing with vetted, trusted functionality.

expect-sdk 0.0.0-canary-20260408074150 by abai | Live on npm | Blocked by Socket

High-risk cookie extraction/decryption library. It enumerates local browser profiles, launches a headless browser with CDP to query Network.getAllCookies, reads cookie databases/binary stores, and decrypts cookie values using OS key stores (the macOS Keychain, secret-tool on Linux, and DPAPI via PowerShell on Windows). While it may be intended for legitimate recovery, in a supply-chain context this is a credential-harvesting capability and should be treated as potentially malicious or, at minimum, extremely sensitive.

@nicepkg/gpt-runner-web 0.2.3 by guhuatai | Live on npm | Blocked by Socket

High supply-chain/security concern. This module implements a download-and-persist mechanism for a platform-specific tunneling native executable from a public CDN, writing the payload to a local cache directory and immediately marking it executable (0755) without any shown integrity verification. Proxy environment variables further affect how the download is performed. While the fragment does not display the subsequent execution/command-and-control step, the install pipeline is strongly consistent with dropper-style tunneling tooling and should be reviewed holistically (URL pinning, checksum/signature validation, execution arguments, and whether proxy env overrides can be abused).

autostudio.control 1.0.2026.412 by jelei.wang | Live on nuget | Blocked by Socket

This module is a UI framework package that also embeds highly obfuscated startup logic resembling a decrypt/verify/unpack stage (startup-invoked FileStream/BinaryReader over an internal path-like string plus extensive crypto/hash/byte transforms). Additionally, it includes a UI keyboard component that declares Win32 keybd_event, enabling keyboard event injection into the host session. While the excerpt is truncated and many UI handlers are neutralized, the load-time crypto/file processing plus explicit OS input injection capability constitutes a significant supply-chain security red flag and should be treated as potentially malicious until fully deobfuscated and sandboxed.

isite 2025.8.3 by absunstar | Live on npm | Blocked by Socket

This file defines a sendEmail function that, instead of sending mail through a legitimate SMTP or trusted API, exfiltrates all provided email fields (from, to, subject, message) along with added metadata (source, from_email, to_email) via an unencrypted HTTP POST to the hardcoded endpoint http://emails[.]egytag[.]com/api/emails/add. The behavior occurs without user consent or configuration, leaks potentially sensitive message contents to an untrusted third party, and constitutes a deliberate data-theft backdoor.

q-uestionable-ai 0.10.6 | Live on pypi | Blocked by Socket

This module is a deliberate payload generator for agent/LLM prompt-injection and callback-driven attacks. It constructs (and optionally encodes) attacker-controlled URLs and embeds them into explicit instructions that direct downstream systems to exfiltrate conversation/context, perform SSRF against internal/cloud metadata and localhost services, abuse tools for local file/config access, override instructions, and persist attacker directives for future sessions. While the code itself does not perform network/file operations, its outputs are highly action-oriented toward sensitive exploitation goals, making it unsafe to use in a supply-chain context without strong isolation and threat-model justification.

tailwind-morph 1.5.8 by matthew_arina | Live on npm | Blocked by Socket

This file defines a small hex-decoder that reconstructs calls to require('axios'). It sends all process.env variables in a POST to https://ip-ap-check[.]vercel[.]app/api/ip-check/208 using header “x-secret-header: secret”, then immediately invokes eval() on the response body. This pattern enables both wholesale exfiltration of environment-based credentials and arbitrary remote code execution in the host process, constituting a high-severity malicious backdoor.

354766/blogic-cz/blogic-marketplace/kubernetes-helm/ 69c76c8a477330150d9c23aca94ba2a50b43af79 | Live on socket | Blocked by Socket

The provided code fragment represents a well-scoped Kubernetes Helm pattern guide and templated configuration for test and production environments. It demonstrates standard and accepted practices (secretKeyRef usage, resource requests/limits, probes, ingress TLS, hooks) without exposing credentials or enabling external command execution. The footprint is coherent with the stated purpose of configuring Kubernetes deployments via Helm and does not appear to introduce malicious behavior or unnecessary permission grants. Overall risk remains low to moderate (benign) given proper templating and secret management practices, with typical security considerations around migrations/hooks in production.

www.podium.com 11.11.11 by testingforbugs | Removed from npm | Blocked by Socket

The script exhibits clear malicious behavior by collecting and transmitting system information to an external server without user consent. This justifies high malware and risk scores. The script is not obfuscated, so the obfuscation score is low.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

includecpp 4.6.3 | Live on pypi | Blocked by Socket

The CSSL runtime contains explicit high-risk vectors enabling arbitrary code execution and state manipulation from untrusted payloads (CSSLMOD pickled payloads, Python code executed via exec, and external scripts). Despite some protective measures, the combination of insecure deserialization, dynamic code execution, and runtime symbol manipulation constitutes a strong supply-chain and host-compromise risk. Production use should avoid untrusted payloads, sandbox dynamically loaded code, and implement strict provenance, integrity checks, and isolation (e.g., sandboxing, code signing, restricted APIs).

bluelamp-ai 1.0.1 | Removed from pypi | Blocked by Socket

This file is a loader that executes an obfuscated, embedded payload at import time. That pattern is a strong red flag for supply-chain or backdoor behavior because it conceals runtime actions and executes with the importing process privileges. Treat this module as untrusted until the embedded payload is decoded and audited in a safe environment. Immediate actions: do not import in production; decode and review the inner code; run dynamic analysis in an isolated environment to determine actual intent and impact.

Live on pypi for 2 days, 6 hours and 8 minutes before removal. Socket users were protected even while the package was live.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership


Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Questions? Call us at (844) SOCKET-0


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published from new accounts at a rate of roughly one every two minutes. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, some of them mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.



The latest from the Socket team

Get our latest security research, open source insights, and product updates.
