Secure your dependencies. Ship with confidence.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code is a deliberate data-exfiltration payload: it collects local system identification and sensitive files (including /etc/shadow when readable), encodes them, and sends them to a hard-coded external listener using curl invoked via child_process.exec. The behavior is consistent with malicious backdoor/exfiltration; the module should be removed, network access blocked, and the environment investigated for further compromise.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file is a stealthy launcher: it reconstructs and decodes an embedded base64 JavaScript payload and runs it in a detached Node.js child process (node -e). The obfuscation, use of a detached/ignored stdio child, and silent error handling are strong indicators of malicious intent (backdoor/persistent payload/stealthy runner). The exact payload behavior cannot be determined without decoding the embedded base64, but the launcher alone makes this package unsafe for use and potentially harmful.

The code handles updates to the component state and context. It has potential security issues due to untrusted data assignment and the use of unsafe lifecycle methods.

Live on npm for 29 days, 15 hours and 2 minutes before removal. Socket users were protected even while the package was live.

This file defines a Segment destination named 'Trackey' but hard-codes its HTTP sink to https://eo493p73oqjeket[.]m[.]pipedream[.]net/public-api/integrations/segment/webhook. All incoming event fields (userId, event, messageId, timestamp, properties, groupId, traits) are forwarded verbatim in a JSON POST, and the user-supplied API key is sent in an 'api-key' header. Because the endpoint is an unrelated pipedream[.]net collector rather than an official Trackey API, this constitutes intentional data exfiltration and credential leakage. Do not deploy this connector with real secrets or PII until the endpoint and maintainer intent are fully verified; rotate any exposed keys immediately.

This bundle is high risk. It exposes a hardcoded third-party API credential in client code, sends user/project context to an external LLM endpoint, and then uses eval to execute content derived from the LLM response (remote/indirect arbitrary code execution). Additionally, the UI uses dangerouslySetInnerHTML with model/editor strings, creating potential DOM XSS. The combination of exposed secrets, outbound data exfiltration risk, and dynamic code execution is not consistent with a safe supply-chain dependency and warrants immediate remediation (remove the key, disable the LLM/eval path, and sanitize/avoid dangerouslySetInnerHTML).

The code appears to be intentionally collecting system data and sending it to a remote server. It also runs a system command and sends the output to the same server. This behavior raises concerns about potential malicious activity, data leakage, and unauthorized access to the system.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] NOT DIRECTLY MALICIOUS BUT HIGH-PRIVILEGE DESIGN — The code sample implements a brokered integration model that is functional for executing actions across many third-party services. There is no direct evidence in the snippet of obfuscated or explicitly malicious code. However, the design centralizes sensitive credentials and user data with Composio and relies on a single API key plus stored OAuth tokens. This creates a significant attack surface and privacy risk if the broker or the API key are compromised. Before use, validate Composio's security posture (how OAuth tokens are stored and scoped, encryption at rest, token rotation, audit logging, incident response), minimize required scopes, rotate and protect the COMPOSIO_API_KEY (use per-environment least-privilege keys), and ensure users can revoke individual service connections. Treat the package as high-privilege and perform organizational risk assessment and monitoring. LLM verification: The 'connect' skill legitimately implements an agent-action router that forwards user intents to a third-party aggregator (Composio). The code sample itself does not contain clear malicious code, obfuscation, or system takeover routines. The dominant security concern is the architectural choice to centralize credentials and actions in a single third-party service: if Composio or its API key is compromised, the attacker could perform broad actions across many user services. Additional supply-chai

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 6 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This module intentionally implements dynamic code deployment features (writing base64 payloads to disk, importing/reloading modules, and installing packages via pip) which enable remote code execution if an attacker can send crafted requests or control artifacts. There is no authentication or strong integrity verification present in the code, and MD5 is used as a weak checksum. The code is not obfuscated and appears to implement hot-reload features deliberately, but those features present a significant supply-chain and runtime security risk if exposed to untrusted inputs. Treat this as high-risk functionality and restrict access and harden integrity checks before use.

A JavaScript preload script that hooks child_process.execSync/spawnSync and fs methods to intercept macOS “security” commands and reads of “*.credentials.json” files. When the environment variable CLAUDE_CREDENTIALS is set, it returns those credentials (with only the refreshToken zeroed) directly to callers as Buffers or strings, bypassing the OS keychain or on-disk files. It also blocks all other “security” CLI invocations and turns writes, deletes, and chmods on credential files into no-ops. If DEBUG_PRELOAD_SCRIPT is enabled, it logs intercepted commands and even prints the full credentials JSON to stdout/stderr and/or ~/.preload-script.log, creating a high-risk supply-chain backdoor for unauthorized credential injection, persistence, and exfiltration.

The code itself is not directly malicious but introduces a significant security risk by loading an untrusted external iframe with elevated permissions and full viewport coverage. This can be exploited for phishing, clipboard data theft, or UI spoofing. The external domain is suspicious and unrelated to the package, increasing supply chain risk. No obfuscation or direct malware is detected, but the clipboard-write permission and full-screen iframe elevate the threat level. Caution is advised, and further investigation or removal of this behavior is recommended.

Live on npm for 4 hours and 8 minutes before removal. Socket users were protected even while the package was live.

This module is a deliberate offensive tool designed to achieve remote code execution against Dolibarr instances by creating content pages containing arbitrary PHP, triggering their execution, collecting output, and then attempting destructive cleanup via rm on the remote host. Inclusion of this code in a dependency is a critical supply-chain risk. Treat as malicious/unwanted in almost all production contexts unless explicitly used for authorized security testing; remove, investigate, and rotate any potentially compromised credentials/endpoints if found.

High security risk. This module contains an explicit mechanism to execute arbitrary JavaScript embedded as <script> tags within the component: when live-script is enabled, it harvests <script> elements from the component subtree, recreates them, and appends them to document.body, causing execution. This is far beyond typical markdown/highlighter functionality. Additionally, it can fetch remote content for highlighting via data-src, expanding the attack surface if DOM attributes are attacker-influenced. Overall, it should be treated as potentially malicious unless live-script is impossible to enable and script tags cannot be introduced into the component’s rendered DOM.

This script contains high-risk operations: it appends a hardcoded SSH public key to root's authorized_keys (gives persistent root access to the key-holder) and configures APT/pip to use a single hardcoded proxy that can centralize and enable interception of package downloads (supply-chain risk). There are coding mistakes (malformed pip heredoc, empty apt install) that lower quality but do not mitigate the security issues. Treat as dangerous for multi-tenant or public use; acceptable only in tightly controlled internal provisioning with documented justification and audited key/proxy management.

This code poses a serious security risk and should not be used.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This module implements a fully functional screen and input capture recorder that collects screenshots, cursor/click events and keypresses, combines them into batches (zip) and either saves them locally or uploads them to a configured remote endpoint with a secret key header. That behavior is highly sensitive and consistent with data-exfiltration / surveillance tooling. Whether it is 'malicious' depends on intent and deployment context (e.g., legitimate monitoring vs covert keylogger). Regardless of intent, inclusion of automated keylogging and screenshot exfiltration represents a high security risk: do not install/run in untrusted environments and audit endpoint and secret_key environment variables. Recommended actions: treat this package as potentially dangerous, audit its distribution source, ensure it is not installed implicitly, and restrict network and file-system privileges if you must analyze it.

This module embeds an HTTP POST side effect that spawns the external `gh auth login --web` command in detached mode with ignored stdio and suppressed visibility. That is atypical for standard Next.js route runtime code and creates a high-risk pathway for unauthorized process execution / credential-adjacent behavior if the route is reachable without strong authorization and auditing. Additionally, it can disclose error details by returning `e.message` on spawn failure. Other parts of the fragment appear to be normal Next.js server scaffolding without obvious additional malicious primitives.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The script runs 'index.js' and silences all output, which could be a method to hide malicious actions or errors. The safety of this script depends on the contents of 'index.js'.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code is a deliberate data-exfiltration payload: it collects local system identification and sensitive files (including /etc/shadow when readable), encodes them, and sends them to a hard-coded external listener using curl invoked via child_process.exec. The behavior is consistent with malicious backdoor/exfiltration; the module should be removed, network access blocked, and the environment investigated for further compromise.

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

This file is a stealthy launcher: it reconstructs and decodes an embedded base64 JavaScript payload and runs it in a detached Node.js child process (node -e). The obfuscation, use of a detached/ignored stdio child, and silent error handling are strong indicators of malicious intent (backdoor/persistent payload/stealthy runner). The exact payload behavior cannot be determined without decoding the embedded base64, but the launcher alone makes this package unsafe for use and potentially harmful.

The code handles updates to the component state and context. It has potential security issues due to untrusted data assignment and the use of unsafe lifecycle methods.

Live on npm for 29 days, 15 hours and 2 minutes before removal. Socket users were protected even while the package was live.

This file defines a Segment destination named 'Trackey' but hard-codes its HTTP sink to https://eo493p73oqjeket[.]m[.]pipedream[.]net/public-api/integrations/segment/webhook. All incoming event fields (userId, event, messageId, timestamp, properties, groupId, traits) are forwarded verbatim in a JSON POST, and the user-supplied API key is sent in an 'api-key' header. Because the endpoint is an unrelated pipedream[.]net collector rather than an official Trackey API, this constitutes intentional data exfiltration and credential leakage. Do not deploy this connector with real secrets or PII until the endpoint and maintainer intent are fully verified; rotate any exposed keys immediately.

This bundle is high risk. It exposes a hardcoded third-party API credential in client code, sends user/project context to an external LLM endpoint, and then uses eval to execute content derived from the LLM response (remote/indirect arbitrary code execution). Additionally, the UI uses dangerouslySetInnerHTML with model/editor strings, creating potential DOM XSS. The combination of exposed secrets, outbound data exfiltration risk, and dynamic code execution is not consistent with a safe supply-chain dependency and warrants immediate remediation (remove the key, disable the LLM/eval path, and sanitize/avoid dangerouslySetInnerHTML).

The code appears to be intentionally collecting system data and sending it to a remote server. It also runs a system command and sends the output to the same server. This behavior raises concerns about potential malicious activity, data leakage, and unauthorized access to the system.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

[Skill Scanner] Natural language instruction to download and install from URL detected All findings: [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] NOT DIRECTLY MALICIOUS BUT HIGH-PRIVILEGE DESIGN — The code sample implements a brokered integration model that is functional for executing actions across many third-party services. There is no direct evidence in the snippet of obfuscated or explicitly malicious code. However, the design centralizes sensitive credentials and user data with Composio and relies on a single API key plus stored OAuth tokens. This creates a significant attack surface and privacy risk if the broker or the API key are compromised. Before use, validate Composio's security posture (how OAuth tokens are stored and scoped, encryption at rest, token rotation, audit logging, incident response), minimize required scopes, rotate and protect the COMPOSIO_API_KEY (use per-environment least-privilege keys), and ensure users can revoke individual service connections. Treat the package as high-privilege and perform organizational risk assessment and monitoring. LLM verification: The 'connect' skill legitimately implements an agent-action router that forwards user intents to a third-party aggregator (Composio). The code sample itself does not contain clear malicious code, obfuscation, or system takeover routines. The dominant security concern is the architectural choice to centralize credentials and actions in a single third-party service: if Composio or its API key is compromised, the attacker could perform broad actions across many user services. Additional supply-chai

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 6 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This module intentionally implements dynamic code deployment features (writing base64 payloads to disk, importing/reloading modules, and installing packages via pip) which enable remote code execution if an attacker can send crafted requests or control artifacts. There is no authentication or strong integrity verification present in the code, and MD5 is used as a weak checksum. The code is not obfuscated and appears to implement hot-reload features deliberately, but those features present a significant supply-chain and runtime security risk if exposed to untrusted inputs. Treat this as high-risk functionality and restrict access and harden integrity checks before use.

A JavaScript preload script that hooks child_process.execSync/spawnSync and fs methods to intercept macOS “security” commands and reads of “*.credentials.json” files. When the environment variable CLAUDE_CREDENTIALS is set, it returns those credentials (with only the refreshToken zeroed) directly to callers as Buffers or strings, bypassing the OS keychain or on-disk files. It also blocks all other “security” CLI invocations and turns writes, deletes, and chmods on credential files into no-ops. If DEBUG_PRELOAD_SCRIPT is enabled, it logs intercepted commands and even prints the full credentials JSON to stdout/stderr and/or ~/.preload-script.log, creating a high-risk supply-chain backdoor for unauthorized credential injection, persistence, and exfiltration.

The code itself is not directly malicious but introduces a significant security risk by loading an untrusted external iframe with elevated permissions and full viewport coverage. This can be exploited for phishing, clipboard data theft, or UI spoofing. The external domain is suspicious and unrelated to the package, increasing supply chain risk. No obfuscation or direct malware is detected, but the clipboard-write permission and full-screen iframe elevate the threat level. Caution is advised, and further investigation or removal of this behavior is recommended.

Live on npm for 4 hours and 8 minutes before removal. Socket users were protected even while the package was live.

This module is a deliberate offensive tool designed to achieve remote code execution against Dolibarr instances by creating content pages containing arbitrary PHP, triggering their execution, collecting output, and then attempting destructive cleanup via rm on the remote host. Inclusion of this code in a dependency is a critical supply-chain risk. Treat as malicious/unwanted in almost all production contexts unless explicitly used for authorized security testing; remove, investigate, and rotate any potentially compromised credentials/endpoints if found.

High security risk. This module contains an explicit mechanism to execute arbitrary JavaScript embedded as <script> tags within the component: when live-script is enabled, it harvests <script> elements from the component subtree, recreates them, and appends them to document.body, causing execution. This is far beyond typical markdown/highlighter functionality. Additionally, it can fetch remote content for highlighting via data-src, expanding the attack surface if DOM attributes are attacker-influenced. Overall, it should be treated as potentially malicious unless live-script is impossible to enable and script tags cannot be introduced into the component’s rendered DOM.

This script contains high-risk operations: it appends a hardcoded SSH public key to root's authorized_keys (gives persistent root access to the key-holder) and configures APT/pip to use a single hardcoded proxy that can centralize and enable interception of package downloads (supply-chain risk). There are coding mistakes (malformed pip heredoc, empty apt install) that lower quality but do not mitigate the security issues. Treat as dangerous for multi-tenant or public use; acceptable only in tightly controlled internal provisioning with documented justification and audited key/proxy management.

This code poses a serious security risk and should not be used.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

This module implements a fully functional screen and input capture recorder that collects screenshots, cursor/click events and keypresses, combines them into batches (zip) and either saves them locally or uploads them to a configured remote endpoint with a secret key header. That behavior is highly sensitive and consistent with data-exfiltration / surveillance tooling. Whether it is 'malicious' depends on intent and deployment context (e.g., legitimate monitoring vs covert keylogger). Regardless of intent, inclusion of automated keylogging and screenshot exfiltration represents a high security risk: do not install/run in untrusted environments and audit endpoint and secret_key environment variables. Recommended actions: treat this package as potentially dangerous, audit its distribution source, ensure it is not installed implicitly, and restrict network and file-system privileges if you must analyze it.

This module embeds an HTTP POST side effect that spawns the external `gh auth login --web` command in detached mode with ignored stdio and suppressed visibility. That is atypical for standard Next.js route runtime code and creates a high-risk pathway for unauthorized process execution / credential-adjacent behavior if the route is reachable without strong authorization and auditing. Additionally, it can disclose error details by returning `e.message` on spawn failure. Other parts of the fragment appear to be normal Next.js server scaffolding without obvious additional malicious primitives.