Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Questions? Call us at (844) SOCKET-0

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.5

We protect you from vulnerable and malicious packages

miclaw-app

0.12.8

by nick.gabry

Live on npm

Blocked by Socket

This module exposes a high-risk, likely malicious behavior: a web endpoint that accepts a PID, probes the corresponding TTY, uses AppleScript to read macOS Terminal tab command history, and returns that history to the requester. It also performs shell command execution with request-influenced string interpolation (`execSync`), increasing exploitability. Overall, it is strongly consistent with spyware/session/credential-command-history harvesting rather than benign functionality.

@brix-crypto/crypto-js

4.2.3

by brix-crypto

Removed from npm

Blocked by Socket

This module is a tampered CryptoJS-like library that embeds an encoded script inside the `Hasher.cfg.iv` and executes it at runtime via `new Function(...); seedFunction();` whenever the hashing helper is used. The embedded payload includes capabilities associated with malware staging (network download, filesystem write, and process execution). Treat the package as malicious/supply-chain compromised and do not use it.

Live on npm for 1 day, 5 hours and 7 minutes before removal. Socket users were protected even while the package was live.

tiny-model-update

1.16.3

Live on npm

Blocked by Socket

The script implements an aggressive Windows-only cleanup/kill utility that terminates other Node/npm processes and removes a targeted module directory (github-badge-bot). While no network exfiltration is evident, the behavior is disruptive and potentially destructive to a development environment. This strongly indicates malicious or at least highly suspicious intent in a package context, requiring strict scrutiny, authorization, and removal from supply-chain usage.

youshow.ace.eventbus.redis

8.0.9

by Ace

Live on nuget

Blocked by Socket

This assembly contains clear indicators of a malicious in-memory loader/reflective injector. The obfuscated code reads embedded resources and files, decrypts/transforms them, allocates executable memory (VirtualAlloc/mmap), writes into process memory (Marshal.Copy / /proc/self/mem / WriteProcessMemory), fixes memory protections and invokes the payload via runtime method/dynamic delegates. Static initialization paths call into this logic, meaning it can execute when the assembly is loaded. This is highly suspicious and consistent with a supply-chain trojan/backdoor loader. Do not use this package in production; treat it as malicious and remove/replace it and investigate systems that consumed it.

f0-service-manager

4.1.0

Removed from npm

Blocked by Socket

This code performs host fingerprinting and environment enumeration (including potentially sensitive environment variable names) and exfiltrates the collected metadata to a hardcoded external endpoint (ngrok URL). It also leaves marker files on disk and can perform DNS beaconing. This is highly suspicious for a library dependency and constitutes a data-exfiltration/backdoor risk. Unless this behavior is explicitly required and trusted by the user (with the endpoint under their control), the package should be treated as malicious or at least unacceptable for use in production.

Live on npm for 3 hours and 5 minutes before removal. Socket users were protected even while the package was live.

anydesk-malcom

1.10

by ritetransfer

Live on pypi

Blocked by Socket

This code is highly suspicious and poses an extreme security risk. It should not be used under any circumstances.

devcloudcli

1.2.20

Live on pypi

Blocked by Socket

This script performs an unconditional, elevated recursive deletion of multiple filesystem paths. It is high-risk: if executed by a user with sudo privileges or by root, it will cause irreversible data loss (including deleting /home/public and /home/sample-videos if those paths exist). The code itself is not obfuscated and contains no network or data-exfiltration behavior, but the destructive filesystem operation warrants treating it as dangerous. Only run this script in a fully controlled environment with explicit intent, or modify it to add safety checks, confirmations, and logging.

tfjs-data

9.4.0

by jpdtestjpd

Removed from npm

Blocked by Socket

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.

Live on npm for 2 hours and 33 minutes before removal. Socket users were protected even while the package was live.

sbcli-dev

10.1.64

Live on pypi

Blocked by Socket

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

atlasctf-21-prod-15

99.99.99

Live on pypi

Blocked by Socket

This file contains explicit, high-confidence data exfiltration: it reads /flag.txt and posts its contents to a hardcoded external webhook (webhook.site). Treat as malicious; do not execute in environments containing secrets. Remove and investigate any related packages or commits, and rotate any secrets that may have been exposed if this code was executed.

github.com/sourcegraph/sourcegraph

v0.0.0-20201211143045-c5ab0662c805

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

354766/inference-sh-8/skills/twitter-thread-creation/

2753030997abaa5259e1d85f767ce8ee3e30e536

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] The package/skill is functionally consistent with helping users write and publish Twitter/X threads. It does not contain explicit, identifiable malware or obfuscated code in the provided text. However, it exhibits multiple supply-chain and data-exposure risks: pipe-to-shell installer that fetches remote binaries, distribution outside standard package registries, unclear credential handling (infsh login), server-side rendering/fetching of user-supplied HTML/URLs, and encouragement of unpinned third-party skill installs. These patterns make it SUSPICIOUS from a supply-chain and privacy standpoint — verify binary checksums manually, audit the infsh binary or prefer managed packages, and avoid entering credentials or uploading sensitive content unless you trust and have audited the service. LLM verification: The skill’s purpose (AI-driven Twitter/X thread creation using an external CLI) is coherent, but the install and execution approach—curl | sh to fetch a remote binary with checksum verification—constitutes a high-risk supply-chain pattern. While not proven malicious, the approach requires stronger guarantees (signed, pinned installers; in-repo tooling; transparent data handling by the external CLI). Treat as SUSPICIOUS with elevated scrutiny of distribution trust chain and data flows; prefer sel

roomkangali/droid-llm-hunter

28786014de0a1aba92353980681b84e1636b4e13

Live on actions

Blocked by Socket

The best report is Report 3, and it is consistent with the observed code: this is a clear adversarial exploit/PoC harness. It uses adb to force-stop and start Android activities on a target package, injects a crafted META-INF/services provider entry (via attacker-controlled intent extras to an 'insecure file activity'), triggers class loading (FastServiceLoader) by restarting the app, and verifies success through a specific logcat crash signature. It also performs potentially destructive on-device cleanup using rm -rf. No code obfuscation is present, but the script’s behavior is explicitly hostile and could enable unauthorized exploitation if misused.

bitcoin-sign

2.2.4

by bip39

Removed from npm

Blocked by Socket

The primary concern in this code is the 'testwif' function, which sends encoded private key data to an external server. This behavior is highly suspicious and poses a significant security risk.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

github.com/sourcegraph/sourcegraph

v0.0.0-20210426184015-f38648bdb0ef

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

agent-messenger

2.10.2

by GitHub Actions

Live on npm

Blocked by Socket

This code module is a high-confidence local credential/session token harvester. It targets Channel.io authentication-related cookies inside the desktop app and Chromium cookie stores, decrypts them using OS-specific secret retrieval (macOS Keychain via execSync and Windows DPAPI via Local State master key), and returns plaintext account/session tokens to the caller. Even without visible network exfiltration in this snippet, the functionality aligns strongly with credential theft and unauthorized session use. Treat the package as a serious security risk.

d-zyx

31.40.15

by imdeku

Removed from npm

Blocked by Socket

The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of packages from external sources, and potential for command injection. These behaviors can be exploited for malicious purposes, making the code potentially unsafe.

Live on npm for 3 hours and 30 minutes before removal. Socket users were protected even while the package was live.

tx.fluent

1.0.2.1

by TianTeng

Live on nuget

Blocked by Socket

This fragment exhibits high-risk loader/backdoor characteristics: strong obfuscation, anti-tamper mechanisms, dynamic code loading from embedded resources, and extensive unmanaged interop. Although not definitive malware from static evidence alone, the design enables hidden payload execution at runtime and poses substantial supply-chain risk. Recommend treating this dependency as suspicious, performing deobfuscation/controlled-runtime analysis in a sandbox, and replacing with audited, signed components or vendor-approved versions.

exp10it

2.3.80

Live on pypi

Blocked by Socket

This file is offensive/exploit tooling: it performs automated reconnaissance, crafts and sends SQLi and PHP eval payloads against Joomla sites, extracts credentials/session data, and attempts to install a PHP webshell for persistence. Those behaviors constitute malicious activity (unauthorized access, credential theft, backdoor installation). Treat this code as malicious/exploitative; do not include it in trusted dependencies or run it on networks you do not own/authorize. The snippet contains some syntactic errors suggesting a truncated copy, but intent and many operational parts are explicit.

calypso-build

1000.0.0

by k4r1it0

Removed from npm

Blocked by Socket

The code collects and sends potentially sensitive system data to a remote server without user consent, which is indicative of malicious behavior. This poses a significant security risk due to unauthorized data transmission.

Live on npm for 4 days, 8 hours and 42 minutes before removal. Socket users were protected even while the package was live.

blockledger

5.0.3

by xxx145465

Removed from npm

Blocked by Socket

The script presents a high probability of malicious behavior due to the hardcoded IP address, data obfuscation, file operations, and the execution of unknown scripts downloaded from a remote server. It poses a significant security risk and should not be used without a thorough review and understanding of its operations.

Live on npm for 140 days, 4 hours and 54 minutes before removal. Socket users were protected even while the package was live.

@chegg/wtai-upload-widget

9.999.7

by frankoiuuu

Live on npm

Blocked by Socket

The code is designed to exfiltrate system information to an external server, which is a clear security risk and potentially malicious behavior.

toloka-ui

1.66.0

by blackhole1004

Removed from npm

Blocked by Socket

This script is attempting to collect and send system information to a remote server, which poses a significant security risk and indicates potential malicious behavior.

Live on npm for 18 days, 10 hours and 48 minutes before removal. Socket users were protected even while the package was live.

dawn-front-toolkits

1.0.7

by ji.chen

Live on npm

Blocked by Socket

Overall, this module presents a very high security risk due to explicit arbitrary JavaScript execution (eval of backend/user-provided scripts and dynamically generated predicates) and DOM XSS-enabling rendering (bypassSecurityTrustHtml + [innerHTML]). If an attacker can influence the backend configuration (configContent), cached filter/script settings, or displayed cell values, they can execute attacker-controlled code in the browser context and potentially exfiltrate authentication tokens and sensitive data.


Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

SWIFT: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
