Secure your dependencies. Ship with confidence.

This module is an exploit/proof-of-concept that attempts to create a user on Apache Jetspeed and set roles='admin'. It performs active network writes to the target and returns credentials to the caller. It disables TLS verification, contains a redundant request and a fatal typo ('return Fals'), and uses coarse exception handling. Treat this code as malicious/exploitative when used against systems without authorization. Do not run against systems you do not own or have explicit permission to test.

This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code includes malicious functionality that compresses and uploads Telegram data to a chat using a bot API, indicating unauthorized data exfiltration. This poses a significant security risk.

Live on pypi for 9 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This script automatically downloads a JetBrains plugin from a hardcoded external URL (https://cloud[.]iflow[.]cn/iflow-cli/iflow-idea-0[.]0[.]2[.]zip) and extracts it directly into local JetBrains IDE plugins directories without explicit user consent. The code fails to perform cryptographic verification (such as signature or hash checks) of the downloaded ZIP archive before extraction. Furthermore, it aggressively deletes existing plugin directories with the same target name before installation. This automated, unverified download and installation behavior poses a significant security risk, as it allows arbitrary code to be executed within the developer's IDE context, acting as a secondary payload delivery mechanism commonly seen in supply-chain malware.

The file performs immediate, unconditional transmission of local environment and package metadata to a hard-coded external HTTPS host when the module is required. This behavior leaks potentially sensitive identifiers (home directory, hostname, username, DNS servers, and entire package.json) without user consent and constitutes a supply-chain security risk. The code should be considered suspicious; if present in a dependency it warrants removal, rollback, or deeper investigation. Recommend treating as malicious/spyware-like behavior in the context of a reusable Node module.

Live on npm for 3 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The script performs deliberate, unguarded destructive changes to repository files: it deletes infra/control/verify.go and removes lines containing 'VSign' from go.mod. These operations can disable verification logic or remove dependency declarations and are risky to run, especially in automated contexts. Treat as high-risk: review version control history and author intent before executing; do not run in CI or production without validation and backups.

The code exhibits suspicious behavior by sending userId data to a hardcoded external IP address over unencrypted HTTP without authentication or user consent. This pattern is indicative of potential data exfiltration or privacy violation, which aligns with malware-like behavior. While the code itself is not obfuscated and does not contain explicit backdoors or credential leaks, the hardcoded external endpoint and silent error handling increase the security risk. Overall, this code should be treated as high risk and potentially malicious.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This script is malicious and designed for data theft. It implements a blind SQL injection oracle against /check-resolve to reconstruct values from the 'security' table and exfiltrates the collected data to a hard-coded external webhook. The redirect to a local port when not on localhost suggests additional staged or pivot behavior. Do not execute or deploy this code; block and remove it, investigate calls to /check-resolve and the webhook URL in logs, and audit the server endpoint for SQL injection vulnerabilities.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 1 day, 13 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

[Skill Scanner] Pipe-to-shell or eval pattern detected LOW TO MODERATE RISK (Operational/Data-exfiltration concerns). The package content is documentation and examples intended for email design and image generation; there is no direct evidence of embedded malware. However, the documented install and runtime patterns (curl | sh installer, sending raw HTML/prompts to remote inference endpoints, and broad CLI permissions) create significant supply-chain and data-leak risks. Treat the remote CLI and inference endpoints as untrusted until the provider and installer are vetted. Recommended actions: do not run curl | sh without verification, review the infsh CLI source before use, sanitize any sensitive data before sending to remote services, and prefer verified installers or sandboxed execution. LLM verification: Functionally the skill matches its stated purpose, but it relies on a remote, opaque CLI and cloud services and uses a high-risk installation pattern (curl | sh). This raises supply-chain, credential, and data-exfiltration concerns. Before use, operators should: obtain and audit the CLI source or install via a verified package release; avoid piping unknown scripts to shell; confirm where credentials and tokens are stored and whether data sent to remote services is encrypted and retained; and pre

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] The module is a legitimate Google Maps Platform CLI/agent skill with powerful features that require a Google API key and can automate API enablement in a user's GCP Console. I found no evidence of intentional malicious behavior, obfuscation, or exfiltration to non-Google domains. Primary security concerns are accidental: (1) Playwright-driven automation of the Google Cloud Console can perform privileged changes and must require explicit, per-action consent and visible project selection; (2) improper handling or embedding of API keys (unrestricted single key, client-side injection) can lead to key exposure and billing abuse. Recommended safeguards: default to zero-key embed HTML, require explicit prompts/confirmations before any automated console actions (including a clear list of APIs to be enabled and target project shown), instruct and enforce API key restrictions (API-level, referrer/IP), prefer backend-proxy patterns for production, and avoid batch enablement without explicit, per-API confirmation. LLM verification: This document is a comprehensive, security-conscious specification and user guide for a Google Maps Platform CLI/AI agent skill. There is no evidence in the provided text of malware, obfuscation, or remote code execution. The primary security concerns are operational: accidental or intentional exposure of API keys (especially if users opt into Maps JS embedding), and the high-impact Playwright automation that can enable APIs in a user's Google Cloud project. Without the actual gmaps.py implement

This file contains code that reverses a string, decodes it from base64, decompresses it with zlib, and then executes it via exec(). Such obfuscation is a common tactic in malicious scripts to hide their true functionality, which can include data exfiltration, system compromise, or other unauthorized activities. No specific domain or IP address references were found in the decoded payload, but the obfuscation strongly indicates malicious intent.

This code is malicious: it intentionally reads a sensitive local file and exfiltrates its contents by encoding chunks into DNS queries to an attacker-controlled domain. Treat as a high-risk backdoor/exfiltration component; remove and investigate affected hosts. Patch systems to block or monitor suspicious outbound DNS queries and audit execution context that ran this code.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code is designed to execute shell commands based on a schedule. While there's no direct evidence of malicious intent, the use of 'shell=True' in subprocess.run poses a significant security risk if untrusted inputs are used. This could potentially be exploited for arbitrary command execution.

Live on pypi for 1 minute before removal. Socket users were protected even while the package was live.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 1 hour and 31 minutes before removal. Socket users were protected even while the package was live.

This code fragment contains highly obfuscated JavaScript that executes arbitrary shell commands using child_process.exec on an untrusted input string parameter, without any sanitization or validation. This poses a significant security risk as it enables command injection, allowing an attacker to run any system command. The ability to execute arbitrary commands is itself a high risk and is used for malicious purposes. Therefore, this module is considered unsafe and malicious in the context of supply chain security.

Live on npm for 1 day, 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information like hostname, IP addresses, system path, public IP, username, and package name, and sends it to a remote server. Additionally, an API key for ip2location.io is exposed in the code.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 1 day, 6 hours and 22 minutes before removal. Socket users were protected even while the package was live.

This module is an exploit/proof-of-concept that attempts to create a user on Apache Jetspeed and set roles='admin'. It performs active network writes to the target and returns credentials to the caller. It disables TLS verification, contains a redundant request and a fatal typo ('return Fals'), and uses coarse exception handling. Treat this code as malicious/exploitative when used against systems without authorization. Do not run against systems you do not own or have explicit permission to test.

This module contains malicious code designed to hijack cryptocurrency transactions on HyperLiquid-based decentralized applications. It activates only on specific sites and employs aggressive runtime patching: it pollutes the global `Object.prototype` to intercept `useContext` calls and overrides `Object.keys`. These hooks inspect in-memory objects for order-related structures (checking for specific fields like `hyperliquid.order_type` or order arrays). When a matching order object is found, the code silently mutates it to inject a `builder` field containing a hardcoded address and fee rate. This behavior effectively diverts trading fees or affiliate rewards to the malicious actor.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code includes malicious functionality that compresses and uploads Telegram data to a chat using a bot API, indicating unauthorized data exfiltration. This poses a significant security risk.

Live on pypi for 9 hours and 17 minutes before removal. Socket users were protected even while the package was live.

This script automatically downloads a JetBrains plugin from a hardcoded external URL (https://cloud[.]iflow[.]cn/iflow-cli/iflow-idea-0[.]0[.]2[.]zip) and extracts it directly into local JetBrains IDE plugins directories without explicit user consent. The code fails to perform cryptographic verification (such as signature or hash checks) of the downloaded ZIP archive before extraction. Furthermore, it aggressively deletes existing plugin directories with the same target name before installation. This automated, unverified download and installation behavior poses a significant security risk, as it allows arbitrary code to be executed within the developer's IDE context, acting as a secondary payload delivery mechanism commonly seen in supply-chain malware.

The file performs immediate, unconditional transmission of local environment and package metadata to a hard-coded external HTTPS host when the module is required. This behavior leaks potentially sensitive identifiers (home directory, hostname, username, DNS servers, and entire package.json) without user consent and constitutes a supply-chain security risk. The code should be considered suspicious; if present in a dependency it warrants removal, rollback, or deeper investigation. Recommend treating as malicious/spyware-like behavior in the context of a reusable Node module.

Live on npm for 3 hours and 24 minutes before removal. Socket users were protected even while the package was live.

The script performs deliberate, unguarded destructive changes to repository files: it deletes infra/control/verify.go and removes lines containing 'VSign' from go.mod. These operations can disable verification logic or remove dependency declarations and are risky to run, especially in automated contexts. Treat as high-risk: review version control history and author intent before executing; do not run in CI or production without validation and backups.

The code exhibits suspicious behavior by sending userId data to a hardcoded external IP address over unencrypted HTTP without authentication or user consent. This pattern is indicative of potential data exfiltration or privacy violation, which aligns with malware-like behavior. While the code itself is not obfuscated and does not contain explicit backdoors or credential leaks, the hardcoded external endpoint and silent error handling increase the security risk. Overall, this code should be treated as high risk and potentially malicious.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

This script is malicious and designed for data theft. It implements a blind SQL injection oracle against /check-resolve to reconstruct values from the 'security' table and exfiltrates the collected data to a hard-coded external webhook. The redirect to a local port when not on localhost suggests additional staged or pivot behavior. Do not execute or deploy this code; block and remove it, investigate calls to /check-resolve and the webhook URL in logs, and audit the server endpoint for SQL injection vulnerabilities.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

Live on npm for 1 day, 13 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

[Skill Scanner] Pipe-to-shell or eval pattern detected LOW TO MODERATE RISK (Operational/Data-exfiltration concerns). The package content is documentation and examples intended for email design and image generation; there is no direct evidence of embedded malware. However, the documented install and runtime patterns (curl | sh installer, sending raw HTML/prompts to remote inference endpoints, and broad CLI permissions) create significant supply-chain and data-leak risks. Treat the remote CLI and inference endpoints as untrusted until the provider and installer are vetted. Recommended actions: do not run curl | sh without verification, review the infsh CLI source before use, sanitize any sensitive data before sending to remote services, and prefer verified installers or sandboxed execution. LLM verification: Functionally the skill matches its stated purpose, but it relies on a remote, opaque CLI and cloud services and uses a high-risk installation pattern (curl | sh). This raises supply-chain, credential, and data-exfiltration concerns. Before use, operators should: obtain and audit the CLI source or install via a verified package release; avoid piping unknown scripts to shell; confirm where credentials and tokens are stored and whether data sent to remote services is encrypted and retained; and pre

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] The module is a legitimate Google Maps Platform CLI/agent skill with powerful features that require a Google API key and can automate API enablement in a user's GCP Console. I found no evidence of intentional malicious behavior, obfuscation, or exfiltration to non-Google domains. Primary security concerns are accidental: (1) Playwright-driven automation of the Google Cloud Console can perform privileged changes and must require explicit, per-action consent and visible project selection; (2) improper handling or embedding of API keys (unrestricted single key, client-side injection) can lead to key exposure and billing abuse. Recommended safeguards: default to zero-key embed HTML, require explicit prompts/confirmations before any automated console actions (including a clear list of APIs to be enabled and target project shown), instruct and enforce API key restrictions (API-level, referrer/IP), prefer backend-proxy patterns for production, and avoid batch enablement without explicit, per-API confirmation. LLM verification: This document is a comprehensive, security-conscious specification and user guide for a Google Maps Platform CLI/AI agent skill. There is no evidence in the provided text of malware, obfuscation, or remote code execution. The primary security concerns are operational: accidental or intentional exposure of API keys (especially if users opt into Maps JS embedding), and the high-impact Playwright automation that can enable APIs in a user's Google Cloud project. Without the actual gmaps.py implement

This file contains code that reverses a string, decodes it from base64, decompresses it with zlib, and then executes it via exec(). Such obfuscation is a common tactic in malicious scripts to hide their true functionality, which can include data exfiltration, system compromise, or other unauthorized activities. No specific domain or IP address references were found in the decoded payload, but the obfuscation strongly indicates malicious intent.

This code is malicious: it intentionally reads a sensitive local file and exfiltrates its contents by encoding chunks into DNS queries to an attacker-controlled domain. Treat as a high-risk backdoor/exfiltration component; remove and investigate affected hosts. Patch systems to block or monitor suspicious outbound DNS queries and audit execution context that ran this code.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code is designed to execute shell commands based on a schedule. While there's no direct evidence of malicious intent, the use of 'shell=True' in subprocess.run poses a significant security risk if untrusted inputs are used. This could potentially be exploited for arbitrary command execution.

Live on pypi for 1 minute before removal. Socket users were protected even while the package was live.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 1 hour and 31 minutes before removal. Socket users were protected even while the package was live.

This code fragment contains highly obfuscated JavaScript that executes arbitrary shell commands using child_process.exec on an untrusted input string parameter, without any sanitization or validation. This poses a significant security risk as it enables command injection, allowing an attacker to run any system command. The ability to execute arbitrary commands is itself a high risk and is used for malicious purposes. Therefore, this module is considered unsafe and malicious in the context of supply chain security.

Live on npm for 1 day, 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The script collects sensitive information like hostname, IP addresses, system path, public IP, username, and package name, and sends it to a remote server. Additionally, an API key for ip2location.io is exposed in the code.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 1 day, 6 hours and 22 minutes before removal. Socket users were protected even while the package was live.