Secure your dependencies. Ship with confidence.

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

This code implements a high-risk persistent remote command-and-control mechanism: it continuously polls '/command' and evals the server response, and provides an outbound event POST to '/event'. That combination enables remote arbitrary script execution in the browser and potential data exfiltration. Treat this as malicious or dangerously insecure unless there is a strong, explicit, and well-audited trust model with cryptographic signing, authentication, and strict validation. Replace eval-based execution with a safe, validated command dispatch mechanism.

This module/script is a build/publish utility for an Expo/esoftplay application and performs expected local file and build operations. However, it contains an embedded telemetry/exfiltration function (tm) that sends project metadata and local user@host information to a hardcoded Telegram bot token/chat. That is a sensitive, potentially malicious behavior (data exfiltration) and represents a significant supply-chain risk. Remove or disable the tm() call (or the hardcoded token), and audit any exec/copy/rm usage before trusting this script.

This module is an offensive DDoS/traffic-flooding toolkit. It implements many well-known attack techniques (floods, spoofing, reflection/amplification, slow HTTP attacks, Cloudflare bypass, proxy/Tor anonymization) and is designed to send large volumes of traffic to targets and to leverage third-party services/proxies. It is malicious software and should not be used. Installation or execution may expose the host to legal risk, resource exhaustion, and likely require privileged/network capabilities to run many functions.

This script contains multiple high-risk and likely malicious behaviors: it writes hardcoded PyPI credentials to /root/.pypirc, self-modifies its source to persist parameters, executes arbitrary shell commands via subprocess shell=True, attempts to overwrite installed package code (apscheduler) and register an atexit handler intended to inject code into site-packages. Even though parts of the code appear buggy or malformed, the intent and many working operations constitute a supply-chain/backdoor risk. Do not run this code in a trusted environment; treat as malicious and avoid installing or publishing packages produced by it.

The fragment exhibits clear data collection of sensitive device/app information, signs the payload, and exfiltrates it to a remote endpoint. The heavy obfuscation and dynamic key construction serve to conceal data flows and destination endpoints, consistent with telemetry, credential harvesting, or backdoor-like behavior. While some telemetry can be legitimate, the combination of obfuscation, credential-like tokens, and external network leakage constitutes privacy and security risk that warrants caution and further auditing.

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

This assembly contains strong indicators of malicious behavior: heavy obfuscation, embedded encrypted resources, runtime decryption, and native APIs used to allocate/write executable memory and modify runtime method pointers (JIT/module patching). Those behaviors enable in-memory code loading and execution and/or modification of other processes/modules. This is not normal for a benign barcode encoder component and represents a high supply-chain risk. Avoid using this package and treat it as highly suspicious; further dynamic analysis in an isolated sandbox is recommended to confirm actual payload actions.

The code exhibits clear signs of malicious behavior by exfiltrating system information using DNS queries and altering DNS settings. This poses a significant security risk.

Live on npm for 55 minutes before removal. Socket users were protected even while the package was live.

This module unambiguously performs immediate execution of an opaque, compressed and base64-encoded payload at import time. That behavior is a high-risk pattern strongly associated with malicious droppers/backdoors in supply-chain attacks. Until the decompressed code is safely decoded and audited, this module should be considered dangerous and untrusted. Do not import or run it in production; perform offline sandbox analysis to determine exact behavior.

The code poses a significant risk to users due to its ability to extract sensitive data from browsers without consent and potentially conduct malicious activities.

Live on pypi for 1 hour and 31 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The package documentation and examples are consistent with a legitimate storyboard creation skill that relies on hosted AI inference services. The primary security concern is supply-chain and data-exfiltration risk: the docs encourage a pipe-to-shell installer and rely on third-party hosted binaries and backends (dist.inference.sh and inference.sh). This creates a moderate security risk if the remote hosts or installer are compromised. There is no direct evidence in the provided file of embedded malware or obfuscated malicious code, but the installation and credential/data-upload patterns warrant caution: verify installers and checksums, inspect scripts before executing, and assume prompts/images/credentials may be transmitted to third-party services. LLM verification: The skill is functionally coherent: it documents a legitimate storyboard workflow that uses a third-party image-generation CLI (infsh). The primary security issues are supply-chain and data-exfiltration risks: (1) it instructs users to run an unpinned curl|sh installer that downloads and executes a binary from dist.inference.sh (objectively high-risk), and (2) it routes prompts, images, and login credentials to a third-party service rather than performing work locally. There is no direct evidenc

The code contains a potential security risk due to dynamic CSS style injection without proper validation. It is important to validate and sanitize CSS content before injecting it into the document.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This module implements interactive session generation but also harvests highly sensitive secrets (API_ID/API_HASH, phone number OTP, 2FA password) and exports the resulting Telegram string session, transmitting it to a remote chat and pinning it. It also forces created accounts to join specific channels. This behavior constitutes credential exfiltration and a backdoor/supply-chain risk. Do not run or trust this module unless you fully control both the bot that receives the messages and the code; treat it as malicious for most threat models.

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This setup.py executes an obfuscated command at import/installation time via a dynamically-resolved os.system call. Even though the specific payload decodes to the benign 'calc' command, the use of string-obfuscation and eval to hide execution is a high-risk indicator of supply-chain maliciousness. Treat this package as suspicious: do not install it in trusted environments; require manual review or removal of the offending code before use.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

The code defines a function that checks if a string is equal to a suspicious value, and exports that value. This code could be an attempt to trick someone into running it by using a suspicious variable name.

Live on npm for 4 days, 6 hours and 28 minutes before removal. Socket users were protected even while the package was live.

This script is high-risk: it automates interactive login flows, captures and persists full browser storage_state (session tokens), and navigates authenticated sessions to banking/payment endpoints. The combination enables account takeover and fraudulent transactions when misused. Treat as malicious or at minimum dangerous automation; require immediate review, restrict execution, and audit any stored agent.state entries. Remediate by removing session persistence, not storing storage_state, and implementing strict access controls and logging.

This code implements a high-risk persistent remote command-and-control mechanism: it continuously polls '/command' and evals the server response, and provides an outbound event POST to '/event'. That combination enables remote arbitrary script execution in the browser and potential data exfiltration. Treat this as malicious or dangerously insecure unless there is a strong, explicit, and well-audited trust model with cryptographic signing, authentication, and strict validation. Replace eval-based execution with a safe, validated command dispatch mechanism.

This module/script is a build/publish utility for an Expo/esoftplay application and performs expected local file and build operations. However, it contains an embedded telemetry/exfiltration function (tm) that sends project metadata and local user@host information to a hardcoded Telegram bot token/chat. That is a sensitive, potentially malicious behavior (data exfiltration) and represents a significant supply-chain risk. Remove or disable the tm() call (or the hardcoded token), and audit any exec/copy/rm usage before trusting this script.

This module is an offensive DDoS/traffic-flooding toolkit. It implements many well-known attack techniques (floods, spoofing, reflection/amplification, slow HTTP attacks, Cloudflare bypass, proxy/Tor anonymization) and is designed to send large volumes of traffic to targets and to leverage third-party services/proxies. It is malicious software and should not be used. Installation or execution may expose the host to legal risk, resource exhaustion, and likely require privileged/network capabilities to run many functions.

This script contains multiple high-risk and likely malicious behaviors: it writes hardcoded PyPI credentials to /root/.pypirc, self-modifies its source to persist parameters, executes arbitrary shell commands via subprocess shell=True, attempts to overwrite installed package code (apscheduler) and register an atexit handler intended to inject code into site-packages. Even though parts of the code appear buggy or malformed, the intent and many working operations constitute a supply-chain/backdoor risk. Do not run this code in a trusted environment; treat as malicious and avoid installing or publishing packages produced by it.

The fragment exhibits clear data collection of sensitive device/app information, signs the payload, and exfiltrates it to a remote endpoint. The heavy obfuscation and dynamic key construction serve to conceal data flows and destination endpoints, consistent with telemetry, credential harvesting, or backdoor-like behavior. While some telemetry can be legitimate, the combination of obfuscation, credential-like tokens, and external network leakage constitutes privacy and security risk that warrants caution and further auditing.

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

This assembly contains strong indicators of malicious behavior: heavy obfuscation, embedded encrypted resources, runtime decryption, and native APIs used to allocate/write executable memory and modify runtime method pointers (JIT/module patching). Those behaviors enable in-memory code loading and execution and/or modification of other processes/modules. This is not normal for a benign barcode encoder component and represents a high supply-chain risk. Avoid using this package and treat it as highly suspicious; further dynamic analysis in an isolated sandbox is recommended to confirm actual payload actions.

The code exhibits clear signs of malicious behavior by exfiltrating system information using DNS queries and altering DNS settings. This poses a significant security risk.

Live on npm for 55 minutes before removal. Socket users were protected even while the package was live.

This module unambiguously performs immediate execution of an opaque, compressed and base64-encoded payload at import time. That behavior is a high-risk pattern strongly associated with malicious droppers/backdoors in supply-chain attacks. Until the decompressed code is safely decoded and audited, this module should be considered dangerous and untrusted. Do not import or run it in production; perform offline sandbox analysis to determine exact behavior.

The code poses a significant risk to users due to its ability to extract sensitive data from browsers without consent and potentially conduct malicious activities.

Live on pypi for 1 hour and 31 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The package documentation and examples are consistent with a legitimate storyboard creation skill that relies on hosted AI inference services. The primary security concern is supply-chain and data-exfiltration risk: the docs encourage a pipe-to-shell installer and rely on third-party hosted binaries and backends (dist.inference.sh and inference.sh). This creates a moderate security risk if the remote hosts or installer are compromised. There is no direct evidence in the provided file of embedded malware or obfuscated malicious code, but the installation and credential/data-upload patterns warrant caution: verify installers and checksums, inspect scripts before executing, and assume prompts/images/credentials may be transmitted to third-party services. LLM verification: The skill is functionally coherent: it documents a legitimate storyboard workflow that uses a third-party image-generation CLI (infsh). The primary security issues are supply-chain and data-exfiltration risks: (1) it instructs users to run an unpinned curl|sh installer that downloads and executes a binary from dist.inference.sh (objectively high-risk), and (2) it routes prompts, images, and login credentials to a third-party service rather than performing work locally. There is no direct evidenc

The code contains a potential security risk due to dynamic CSS style injection without proper validation. It is important to validate and sanitize CSS content before injecting it into the document.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

This module implements interactive session generation but also harvests highly sensitive secrets (API_ID/API_HASH, phone number OTP, 2FA password) and exports the resulting Telegram string session, transmitting it to a remote chat and pinning it. It also forces created accounts to join specific channels. This behavior constitutes credential exfiltration and a backdoor/supply-chain risk. Do not run or trust this module unless you fully control both the bot that receives the messages and the code; treat it as malicious for most threat models.

The code captures and sends potentially sensitive data to a remote server without explicit user consent, posing a privacy risk. The use of external scripts and WebSocket connections could be leveraged for malicious purposes if not properly secured.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

This code poses a serious security risk and should not be used.

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This setup.py executes an obfuscated command at import/installation time via a dynamically-resolved os.system call. Even though the specific payload decodes to the benign 'calc' command, the use of string-obfuscation and eval to hide execution is a high-risk indicator of supply-chain maliciousness. Treat this package as suspicious: do not install it in trusted environments; require manual review or removal of the offending code before use.

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

The code defines a function that checks if a string is equal to a suspicious value, and exports that value. This code could be an attempt to trick someone into running it by using a suspicious variable name.

Live on npm for 4 days, 6 hours and 28 minutes before removal. Socket users were protected even while the package was live.