Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

paytmsiddlewaree

2.3.7

by anton-kim

Live on npm

Blocked by Socket

This module uses atob to decode three base64-encoded environment variables (DEV_API_KEY, DEV_SECRET_KEY, DEV_SECRET_VALUE) into a remote URL and HTTP header name/value. It then performs an axios GET to that URL with the decoded header. The response’s data.cookie field is treated as JavaScript source, compiled via new Function.constructor('require', …), and invoked immediately with Node’s require injected—granting the fetched code full access to filesystem, network, child processes, credentials, etc. The code also saves and restores console.log around execution (to hide output) and silently retries up to five times on errors. This is a classic remote code execution backdoor, posing an immediate and severe supply-chain risk. Remove or quarantine this module and audit the environment variable configuration and remote endpoint. Supply-chain controls (signed payloads, pinned URLs, disabling runtime evaluation) are strongly recommended.

filecat

2.3.2

by xiaobaidadada

Live on npm

Blocked by Socket

The fragment appears to implement a browser-based remote session/control surface that captures user input and forwards it to a remote host, with session lifecycle management and remote-render updates. While such functionality can be legitimate for authorized remote-management tools, the pattern poses data-exposure and credential-usage risks, especially given localStorage-based tokens and heavy obfuscation. Key risk mitigations include strict authentication/authorization, encrypted transport, explicit user consent, minimal token exposure, auditable telemetry, and a security review of the remote endpoints and dynamic module loading paths. Overall, this is a medium-to-high risk component in a supply chain context if not clearly sanctioned and properly secured.

user-startup

0.1.1

by typicode

Live on npm

Blocked by Socket

This code is strongly indicative of malicious intent: it creates a user-level Startup-folder VBScript that executes an arbitrary cmd /c command with output redirected to a caller-controlled path, launches it detached with suppressed IO, and can remove the artifact. This is consistent with persistence/backdoor tooling and should be treated as high risk unless there is a clearly documented legitimate installer/management purpose with strict input controls.

354766/cleodin/antigravity-awesome-skills/smtp-penetration-testing/

45067d430fc57a0577a76ab71b152bd90b55b414

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

vigilinux

0.17.0

Removed from pypi

Blocked by Socket

There is no clear evidence of deliberately malicious code in this file, but it contains multiple high-risk patterns that can easily be abused: executing arbitrary AI-generated shell commands with shell=True, missing safety checks (is_command_safe imported but unused), excessive automatic retries, and inconsistent API key handling. These make the module a significant security risk in practice and susceptible to supply-chain or AI-manipulation attacks. Treat this package as potentially dangerous until proper validation, confirmation, and sandboxing are implemented.

Live on pypi for 8 hours and 1 minute before removal. Socket users were protected even while the package was live.

sas-frontend

20211221.1

Live on pypi

Blocked by Socket

Functionally this is a profile/settings frontend component set. The code itself implements expected UI behaviors (password change, token management, push subscription, theme and locale selection). However, multiple hard-coded references to smartautomatic.duckdns.org:8091 and a nonstandard auth provider identifier 'smartautomatic' strongly indicate supply-chain tampering: documentation links and provider-related flows were redirected to an external duckdns host. While the snippet contains no explicit eval/remote-code-exec payloads, redirecting sensitive actions or docs to an attacker-controlled domain can enable phishing and credential capture. Treat this package as compromised until provenance is verified; block or audit the referenced domains, restore from a verified upstream release, and rotate any credentials/tokens that may have been handled while this code was in use.

examtool

2.0.19

Live on pypi

Blocked by Socket

This module purposefully enables command execution and remote downloads during LaTeX rendering. The transformation that replaces \includegraphics{http...} with a write18 wget call and the use of pdflatex --shell-escape are unsafe when any part of the LaTeX input (exam or subs) is or can be attacker-controlled. The code permits arbitrary command execution and network fetches with no sanitization or sandboxing — a high-risk behavior in a supply-chain context. Do not run this on untrusted input; if retained, restrict inputs strictly or remove the write18/wget mechanism and avoid --shell-escape. Use subprocess with sanitized args and sandboxing instead.

fsd

0.0.663

Removed from pypi

Blocked by Socket

The module contains high-risk operations: executing arbitrary shell commands via subprocess with shell=True and writing/appending to files without validation. If the steps JSON or the user input is untrusted, an attacker can achieve remote code execution, modify arbitrary files, and change process state (cwd). There are no signs of network exfiltration or hardcoded credentials in this fragment, but the command execution sink is sufficient to escalate to any of those behaviors if exploited. Recommendation: treat inputs (steps, file names, user-provided suggested commands) as untrusted; remove shell=True or use argument lists, validate and canonicalize file paths, avoid executing suggested commands automatically, and employ strict prompting and auditing. Overall this code is not itself evidently obfuscated or explicitly malicious, but it poses a significant supply-chain/runtime risk when given untrusted instructions.

Live on pypi for 5 days, 5 hours and 19 minutes before removal. Socket users were protected even while the package was live.

data-studio

1

Live on pypi

Blocked by Socket

The code dynamically downloads files from a URL, interacts with the system environment, and prompts the user for input, introducing security risks. There is a potential risk of downloading malicious content from the URL or executing unwanted actions based on user input. Caution is advised when using this code.

grafast

0.0.1-0.16

by benjie

Live on npm

Blocked by Socket

The code implements a runtime decrypt-and-eval loader: a large embedded base64 blob is decrypted using an external secret and executed with eval, and the decrypted code appears intended to populate module exports. This design hides the real behavior from static review and enables arbitrary actions at runtime (exfiltration, backdoors, environment tampering, etc.). The error path leaks portions of the decryption secret to logs and the module exits on failure. Treat this package as high risk; inspect the decryption setup and decrypted payload in a safe, isolated environment before use, and prefer packages that publish auditable source.

postinstall-dummy

0.0.11

by timsuchanek

Removed from npm

Blocked by Socket

The script is malicious as it exfiltrates sensitive environment variable data to an external server without user consent, posing a high security risk.

Live on npm for 33 minutes before removal. Socket users were protected even while the package was live.

github.com/gravitl/netmaker

v0.5.12-0.20210728022320-12c4fa33f5cb

Live on go

Blocked by Socket

Best matching report: Report 3 (most complete and correctly identifies the disruption/uninstall pattern). The improved assessment is that this snippet is a high-impact, unguarded teardown script that deletes systemd unit definitions and application configuration, removes specific network interfaces, and stops/removes containers and persistent Docker volumes. That strongly endangers availability and data integrity in a supply-chain context, but the fragment alone does not prove credential theft/exfiltration; therefore malware intent is not certain, though security risk is very high.

test-library-smit

1.0.6

by smit_swirl

Live on npm

Blocked by Socket

This module is primarily a React wrapper that unconditionally injects and executes a remote JavaScript file from a hardcoded external IP over plain HTTP. The lack of HTTPS and integrity pinning (SRI/allowlisting) makes it vulnerable to MITM and remote-code tampering, and it enables arbitrary script execution in the client. ExampleComponent appears benign, but SwirlComponent represents a high security-risk supply-chain/runtime pattern.

github.com/XiaomingX/data-cve-poc

v0.0.0-20250123002740-ed79d10af151

Live on go

Blocked by Socket

This code is highly indicative of malicious exploitation tooling. It performs targeted WordPress recon, then generates an encoded JavaScript-in-URL payload intended to execute on a victim/admin browser session and create a new administrator account by extracting a WordPress nonce and submitting a forged createuser POST to wp-admin/user-new.php. It also embeds a hardcoded password and prints a ready-to-deliver exploit URL. Although the snippet contains apparent syntax/logic errors that may break execution as written, the malicious intent and attack chain are explicit.

fluro-ui

1.0.58

by jpdhackerone05

Removed from npm

Blocked by Socket

This source code is malicious. It performs stealthy data exfiltration of sensitive system and environment information to a suspicious hardcoded IP address. The evasion techniques and randomized network behavior indicate intentional concealment. This represents a serious security and privacy risk and should be flagged as high severity malware.

Live on npm for 6 days, 19 hours and 19 minutes before removal. Socket users were protected even while the package was live.

github.com/weaveworks/weave

v0.11.1-0.20150611105233-35cfafc319f6

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

donuts.node-build

99.99.100

by manansa1234567

Removed from npm

Blocked by Socket

The script is exfiltrating sensitive system information to an external server, which is indicative of malicious behavior. The use of base64 encoding is a minimal form of obfuscation. The risk associated with this script is high due to the potential for data theft and unauthorized data transmission.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

matrixswarm

1.0.6

Live on pypi

Blocked by Socket

This module is a high-risk command-and-control agent frontend. Functionality includes forwarding arbitrary HTTP JSON payloads into an internal delivery/routing system (pass_packet), reading and optionally decrypting local agent logs and returning them over HTTP, and enumerating local agent directories. If an attacker can present a valid TLS client certificate (or if TLS client-auth is misconfigured), they can inject commands into the agent network and exfiltrate logs. The code itself contains no obfuscated malware but implements C2 functionality which can be abused and should be treated as malicious if present in an environment where such capabilities are not intended. Recommend restricting access (network and TLS client certificates), auditing use of ENCRYPTION_CONFIG keys, removing sys.path inserts from untrusted environment variables, and adding strict application-level authentication and input validation.

torchmonarch

0.2.0

Live on pypi

Blocked by Socket

This module is functionally a supervisor that uses pickle-based serialization over ZeroMQ. The code contains high-risk unsafe deserialization: it accepts pickle-formatted data from sockets (recv_multipart / recv_pyobj) and unpickles it without validation, then performs dynamic dispatch based on untrusted data. The temporary monkey-patch of torch.storage._load_from_bytes inside pickle_loads increases the attack surface for malicious payloads that embed torch storage objects. There are no authentication or integrity checks on incoming messages. Therefore the code is unsafe to use in untrusted-network environments: an attacker who can send messages to the supervisor sockets (or control SUPERVISOR_PIPE/SUPERVISOR_IDENT) can achieve remote code execution. No other explicit exfiltration, cryptomining, or backdoor code is present in this fragment, but the deserialization pattern makes arbitrary malicious behavior possible.

arkoselabs

99.9.13

by b1g3y3

Removed from npm

Blocked by Socket

This script exfiltrates environment variables, user and system information, and other data to a remote server at hxxp://cv09o6418pa9k9l0fovg7q9ze9qb9sziu[.]oast[.]me. It collects the hostname, current user, environment variables, and the /etc/passwd file, posing a serious risk of credential theft and unauthorized exposure of system details.

Live on npm for 19 days, 6 hours and 52 minutes before removal. Socket users were protected even while the package was live.

psak

0.5.9.4

Live on pypi

Blocked by Socket

This module is an explicit ARP poisoning / MITM tool. It forges ARP replies to poison victim and gateway ARP caches and enables kernel IP forwarding to allow traffic relay through the attacker host. The code contains a logic bug in the poisoning loop (self.runtime not decremented) and lacks input validation and privilege checks. There is no hidden obfuscation or direct data-exfiltration payload in this file, but the functionality is malicious in network context and should only be used with explicit authorization in controlled testing environments. Avoid using in production or on networks you do not own/authorize.

kejie.sdk

2.0.10

by Kejiesoft

Live on nuget

Blocked by Socket

This component is a highly-obfuscated runtime loader/patcher that decrypts embedded data and modifies process memory and CLR/JIT function pointers to load and execute code in-memory. Those behaviors are strongly associated with malicious loaders (in-memory code injection, process patching, and potential backdoor/implant activity). It is unsafe to use without a full provenance/trust assessment; treat as malicious or extremely high risk.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
