Secure your dependencies. Ship with confidence.

This module is a runtime bootstrapper/installer pattern: it downloads a platform-specific Bun ZIP from GitHub Releases, extracts it, and executes the extracted Bun binary immediately. The primary security concern is supply-chain integrity: the code performs no checksum/signature verification of the downloaded artifact and follows HTTP redirects without destination validation. PowerShell extraction uses `-ExecutionPolicy Bypass` on Windows. While the behavior is consistent with a legitimate installer, the lack of cryptographic verification and direct execution of network-obtained binaries makes this high-impact and should be reviewed/mitigated (e.g., pin expected hashes, validate redirect destinations, and avoid broad ExecutionPolicy bypass where possible).

This module has a critical supply-chain risk: it fetches executable JavaScript from a public CDN at runtime and executes it with eval(), then uses the resulting loader to obtain command execution and filesystem capabilities. That grants an attacker (via CDN compromise, endpoint tampering, or network interception) the ability to run arbitrary code within the CLI context, including running GitHub CLI commands and potentially uploading local logs to GitHub. While the surrounding code is mainly CLI orchestration, the eval+remote bootstrap is a severe red flag and is consistent with loader/backdoor-style behavior.

This fragment is consistent with malicious supply-chain reconnaissance/stealing: it automatically collects host/user identity, external IP from a remote service, reads local configuration file contents from multiple candidate paths, executes a shell command to capture activity output, encrypts the aggregated data with an embedded secret, and exfiltrates it over TCP to a configurable endpoint. The extensive obfuscation/indirection and custom encrypted transport further strengthen the assessment. Treat the package as malicious and investigate for execution, persistence, and egress to the configured endpoint/port.

This module contains a high-severity client-side remote code execution capability. It injects a script into proxied HTML that listens for window postMessage events, executes message-provided JavaScript via new Function(text) without apparent robust authentication/origin checks, and returns results/errors back to the parent using postMessage('*'). The fragment also shows additional high-risk behaviors (TLS certificate verification disabled for an HTTPS proxy agent, and privileged hosts-file modification), which further elevate overall supply-chain security risk. Use/ship only with strong isolation, strict message authentication and origin validation, and removal of the dynamic evaluation backdoor.

High-risk supply-chain issue: this module performs runtime downloading of JavaScript from a public CDN and executes it via eval to populate globalThis.use, then uses that to build the parser. This creates an environment-wide arbitrary code execution risk. Additionally, cache file paths are derived from an unsanitized caller-provided filename, which could enable path traversal and unintended file read/write if filename control is possible. No direct evidence of data theft/exfiltration exists in this fragment beyond the critical remote code execution pathway.

This module is a high-risk offensive exploitation helper that constructs multiple ready-to-use payload types for achieving arbitrary code execution (system('/bin/sh'), execve via syscall/SROP, ret2dlresolve) and reading a flag file (ORW with default '/flag'). It also includes host binary/library introspection (ldd/nm) and appears capable of transmitting crafted payloads (largebin_attack via an undefined _send_recv). In a supply-chain context, shipping such functionality is strongly suspicious and could materially enable exploitation by downstream users or automated attack tooling.

This module is strongly indicative of offensive exploitation tooling. It constructs FSOP payloads that redirect execution to system (optionally one_gadget) and embeds '/bin/sh', plus a seccomp-aware ROP chain to perform ORW on '/flag'. This is consistent with weaponized code intended to achieve unauthorized code execution and/or sensitive file access. No evidence of defensive or benign use in the provided fragment.

This module is a deliberate weaponized payload generator. It constructs multiple document formats embedding explicit XXE (file:///etc/passwd) and XSS/execution code, including an HTML cookie exfiltration attempt to an external attacker-controlled domain, and it appends caller-supplied bytes to tailor payload content. While this file does not execute or transmit anything itself, its returned outputs are overtly malicious and designed to be used by downstream consumers (writers/parsers/renderers).

This module contains a critical arbitrary JavaScript execution primitive. It evaluates attribute-provided strings for 'loadstart'/'progress'/'loadfinished' using (0, eval)(code) and immediately executes the result with globalThis binding, passing the engine Context and event data. If an attacker can influence those attributes, they can execute code in the embedding page context. The component also uses attacker-influenced 'src' values to drive asset loading inputs and accepts an untrusted CSS selector for focus-rect, increasing overall risk.

This module is highly weaponized and operationally capable of exploiting a remote service: it crafts ROP/SROP/GOT overwrite/ret2win/one_gadget/ORW payloads using leaked bases and gadget discovery, delivers them over UDP, and confirms attempted execution via /tmp marker side effects and /proc-based shell detection. If included as a supply-chain dependency in non-isolated environments, it represents a critical security risk and strong malicious/exploit intent signal.

This code establishes a strong supply-chain/sandbox-break capability by executing a local bash hook at session start and directly passing both serialized caller context (stdin) and essentially the full parent environment (env) to that script, while also suppressing errors. While the snippet itself shows no explicit malicious behavior beyond delegation, the data exposure (context + process.env) and silent error handling make this pattern high-risk and warrant review of the hooks/babysitter-proxied-session-start.sh behavior.

High-confidence local supply-chain tampering. The script automatically locates an installed Baileys dependency and overwrites its newsletter socket implementation on disk with an embedded modified payload, then writes a persistence marker and exits. This is consistent with unauthorized automation/persistence or backdoor injection through node_modules modification; the exact malicious behaviors inside the embedded payload cannot be fully verified from the excerpt, but the patching mechanism itself is a severe security red flag.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This module contains an explicit, user-triggered arbitrary shell command execution pathway (input prefixed with '!': execSync of user-controlled text), plus filesystem export writes that incorporate user-influenced filenames and tool-call arguments. It also performs diagnostics that partially disclose API key tail and renders sensitive command output back to the UI. Even without evidence of stealthy malware behavior in this fragment, the direct RCE/sabotage primitive and potential sensitive-data leakage make this a severe security risk for inclusion as an untrusted dependency.

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

Highest concern: the module conditionally fetches JavaScript from https://unpkg.com and executes it with eval to create a globalThis.use loader, enabling runtime remote code execution and major supply-chain risk (no integrity/version pinning). Secondary concern: it then parses input and writes derived values directly into process.env without strong allowlisting/validation of keys/values, amplifying impact from malicious or unexpected configuration content.

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

This module has a critical supply-chain/runtime security flaw: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to establish globalThis.use. That provides an immediate arbitrary-code-execution path under the privileges of the running process, making the package highly untrustworthy regardless of the rest of the logic appearing to only perform benign disk/RAM checks. Treat this dependency/module as compromised/unacceptable unless the remote eval bootstrap is removed or replaced with pinned, integrity-verified local code.

High-risk behavior consistent with sensitive credential exfiltration and account automation. The code retrieves stored credentials (email/password/TOTP) from the Rosetta backend and submits them to a hardcoded remote proxy domain (https://bcai.site/api/proxy) via automation/start. Additionally, the window message handling does not validate origin/sender, increasing the risk of spoofed automation events. While this appears functionally like an automation tool, it matches the extension-focused criteria for credential theft/exfiltration.

This module is extremely dangerous primarily due to untrusted remote deserialization: /add_model uses cloudpickle.loads on attacker-provided base64 payloads, creating an immediate RCE primitive. Additionally, it mutates the server’s model/config registries with the deserialized objects and exposes dynamic model add/delete endpoints without any authentication/authorization checks shown here. The remaining functionality (request conversion, streaming SSE formatting, token counting) is comparatively secondary; the deserialization behavior alone makes this unsafe to deploy in any environment where an attacker can reach /add_model.

This module contains an extreme supply-chain and runtime integrity weakness: it downloads JavaScript from unpkg at execution time and runs it via eval() to install globalThis.use, which then provides the command-execution layer ($). This creates a high-impact remote code execution and command-execution risk that cannot be mitigated by typical npm lockfile trust. Additional moderate risk exists from executing gh/git commands with caller-provided inputs and performing recursive deletion under a caller-controlled tempDir, but the primary concern is the eval(fetch(...)) bootstrap.

This module is a highly suspicious, intentionally malicious payload/artifact generator. It constructs complete scripts for multiple languages that contain direct command execution ('id') and dynamic evaluation mechanisms (JS eval; PHP eval/base64_decode), uses offset to create oversized literals, and appends attacker-controlled bytes (sc) verbatim into the resulting executable script content. While this fragment does not execute commands itself, it clearly prepares harmful artifacts for later deployment and execution. Recommended action: treat as malicious and do not use; inspect downstream code paths that write/run the generated files.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module is strongly indicative of malicious spyware/backdoor behavior: it automatically gathers host identity and external IP, reads local configuration snippets from multiple filesystem candidates, captures stdout from a local command, encrypts the aggregated data, and exfiltrates it to an operator-controlled remote endpoint over TCP. The heavy obfuscation, custom encrypted framing, and immediate self-invocation further increase the likelihood of intentional data theft.

High risk. This module performs a runtime network fetch of JavaScript from a public CDN and executes it via eval to set a global loader used for command execution primitives. That is a critical supply-chain/RCE pattern with the potential for full compromise. Additionally, it configures broad agent permissions (opencode.json), passes process.env to an external tool, executes shell-like pipelines via a dynamically sourced command-stream helper, and logs raw untrusted subprocess output (potential sensitive data exposure).

This module is a runtime bootstrapper/installer pattern: it downloads a platform-specific Bun ZIP from GitHub Releases, extracts it, and executes the extracted Bun binary immediately. The primary security concern is supply-chain integrity: the code performs no checksum/signature verification of the downloaded artifact and follows HTTP redirects without destination validation. PowerShell extraction uses `-ExecutionPolicy Bypass` on Windows. While the behavior is consistent with a legitimate installer, the lack of cryptographic verification and direct execution of network-obtained binaries makes this high-impact and should be reviewed/mitigated (e.g., pin expected hashes, validate redirect destinations, and avoid broad ExecutionPolicy bypass where possible).

This module has a critical supply-chain risk: it fetches executable JavaScript from a public CDN at runtime and executes it with eval(), then uses the resulting loader to obtain command execution and filesystem capabilities. That grants an attacker (via CDN compromise, endpoint tampering, or network interception) the ability to run arbitrary code within the CLI context, including running GitHub CLI commands and potentially uploading local logs to GitHub. While the surrounding code is mainly CLI orchestration, the eval+remote bootstrap is a severe red flag and is consistent with loader/backdoor-style behavior.

This fragment is consistent with malicious supply-chain reconnaissance/stealing: it automatically collects host/user identity, external IP from a remote service, reads local configuration file contents from multiple candidate paths, executes a shell command to capture activity output, encrypts the aggregated data with an embedded secret, and exfiltrates it over TCP to a configurable endpoint. The extensive obfuscation/indirection and custom encrypted transport further strengthen the assessment. Treat the package as malicious and investigate for execution, persistence, and egress to the configured endpoint/port.

This module contains a high-severity client-side remote code execution capability. It injects a script into proxied HTML that listens for window postMessage events, executes message-provided JavaScript via new Function(text) without apparent robust authentication/origin checks, and returns results/errors back to the parent using postMessage('*'). The fragment also shows additional high-risk behaviors (TLS certificate verification disabled for an HTTPS proxy agent, and privileged hosts-file modification), which further elevate overall supply-chain security risk. Use/ship only with strong isolation, strict message authentication and origin validation, and removal of the dynamic evaluation backdoor.

High-risk supply-chain issue: this module performs runtime downloading of JavaScript from a public CDN and executes it via eval to populate globalThis.use, then uses that to build the parser. This creates an environment-wide arbitrary code execution risk. Additionally, cache file paths are derived from an unsanitized caller-provided filename, which could enable path traversal and unintended file read/write if filename control is possible. No direct evidence of data theft/exfiltration exists in this fragment beyond the critical remote code execution pathway.

This module is a high-risk offensive exploitation helper that constructs multiple ready-to-use payload types for achieving arbitrary code execution (system('/bin/sh'), execve via syscall/SROP, ret2dlresolve) and reading a flag file (ORW with default '/flag'). It also includes host binary/library introspection (ldd/nm) and appears capable of transmitting crafted payloads (largebin_attack via an undefined _send_recv). In a supply-chain context, shipping such functionality is strongly suspicious and could materially enable exploitation by downstream users or automated attack tooling.

This module is strongly indicative of offensive exploitation tooling. It constructs FSOP payloads that redirect execution to system (optionally one_gadget) and embeds '/bin/sh', plus a seccomp-aware ROP chain to perform ORW on '/flag'. This is consistent with weaponized code intended to achieve unauthorized code execution and/or sensitive file access. No evidence of defensive or benign use in the provided fragment.

This module is a deliberate weaponized payload generator. It constructs multiple document formats embedding explicit XXE (file:///etc/passwd) and XSS/execution code, including an HTML cookie exfiltration attempt to an external attacker-controlled domain, and it appends caller-supplied bytes to tailor payload content. While this file does not execute or transmit anything itself, its returned outputs are overtly malicious and designed to be used by downstream consumers (writers/parsers/renderers).

This module contains a critical arbitrary JavaScript execution primitive. It evaluates attribute-provided strings for 'loadstart'/'progress'/'loadfinished' using (0, eval)(code) and immediately executes the result with globalThis binding, passing the engine Context and event data. If an attacker can influence those attributes, they can execute code in the embedding page context. The component also uses attacker-influenced 'src' values to drive asset loading inputs and accepts an untrusted CSS selector for focus-rect, increasing overall risk.

This module is highly weaponized and operationally capable of exploiting a remote service: it crafts ROP/SROP/GOT overwrite/ret2win/one_gadget/ORW payloads using leaked bases and gadget discovery, delivers them over UDP, and confirms attempted execution via /tmp marker side effects and /proc-based shell detection. If included as a supply-chain dependency in non-isolated environments, it represents a critical security risk and strong malicious/exploit intent signal.

This code establishes a strong supply-chain/sandbox-break capability by executing a local bash hook at session start and directly passing both serialized caller context (stdin) and essentially the full parent environment (env) to that script, while also suppressing errors. While the snippet itself shows no explicit malicious behavior beyond delegation, the data exposure (context + process.env) and silent error handling make this pattern high-risk and warrant review of the hooks/babysitter-proxied-session-start.sh behavior.

High-confidence local supply-chain tampering. The script automatically locates an installed Baileys dependency and overwrites its newsletter socket implementation on disk with an embedded modified payload, then writes a persistence marker and exits. This is consistent with unauthorized automation/persistence or backdoor injection through node_modules modification; the exact malicious behaviors inside the embedded payload cannot be fully verified from the excerpt, but the patching mechanism itself is a severe security red flag.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This module contains an explicit, user-triggered arbitrary shell command execution pathway (input prefixed with '!': execSync of user-controlled text), plus filesystem export writes that incorporate user-influenced filenames and tool-call arguments. It also performs diagnostics that partially disclose API key tail and renders sensitive command output back to the UI. Even without evidence of stealthy malware behavior in this fragment, the direct RCE/sabotage primitive and potential sensitive-data leakage make this a severe security risk for inclusion as an untrusted dependency.

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

Highest concern: the module conditionally fetches JavaScript from https://unpkg.com and executes it with eval to create a globalThis.use loader, enabling runtime remote code execution and major supply-chain risk (no integrity/version pinning). Secondary concern: it then parses input and writes derived values directly into process.env without strong allowlisting/validation of keys/values, amplifying impact from malicious or unexpected configuration content.

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

This module has a critical supply-chain/runtime security flaw: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to establish globalThis.use. That provides an immediate arbitrary-code-execution path under the privileges of the running process, making the package highly untrustworthy regardless of the rest of the logic appearing to only perform benign disk/RAM checks. Treat this dependency/module as compromised/unacceptable unless the remote eval bootstrap is removed or replaced with pinned, integrity-verified local code.

High-risk behavior consistent with sensitive credential exfiltration and account automation. The code retrieves stored credentials (email/password/TOTP) from the Rosetta backend and submits them to a hardcoded remote proxy domain (https://bcai.site/api/proxy) via automation/start. Additionally, the window message handling does not validate origin/sender, increasing the risk of spoofed automation events. While this appears functionally like an automation tool, it matches the extension-focused criteria for credential theft/exfiltration.

This module is extremely dangerous primarily due to untrusted remote deserialization: /add_model uses cloudpickle.loads on attacker-provided base64 payloads, creating an immediate RCE primitive. Additionally, it mutates the server’s model/config registries with the deserialized objects and exposes dynamic model add/delete endpoints without any authentication/authorization checks shown here. The remaining functionality (request conversion, streaming SSE formatting, token counting) is comparatively secondary; the deserialization behavior alone makes this unsafe to deploy in any environment where an attacker can reach /add_model.

This module contains an extreme supply-chain and runtime integrity weakness: it downloads JavaScript from unpkg at execution time and runs it via eval() to install globalThis.use, which then provides the command-execution layer ($). This creates a high-impact remote code execution and command-execution risk that cannot be mitigated by typical npm lockfile trust. Additional moderate risk exists from executing gh/git commands with caller-provided inputs and performing recursive deletion under a caller-controlled tempDir, but the primary concern is the eval(fetch(...)) bootstrap.

This module is a highly suspicious, intentionally malicious payload/artifact generator. It constructs complete scripts for multiple languages that contain direct command execution ('id') and dynamic evaluation mechanisms (JS eval; PHP eval/base64_decode), uses offset to create oversized literals, and appends attacker-controlled bytes (sc) verbatim into the resulting executable script content. While this fragment does not execute commands itself, it clearly prepares harmful artifacts for later deployment and execution. Recommended action: treat as malicious and do not use; inspect downstream code paths that write/run the generated files.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This module is strongly indicative of malicious spyware/backdoor behavior: it automatically gathers host identity and external IP, reads local configuration snippets from multiple filesystem candidates, captures stdout from a local command, encrypts the aggregated data, and exfiltrates it to an operator-controlled remote endpoint over TCP. The heavy obfuscation, custom encrypted framing, and immediate self-invocation further increase the likelihood of intentional data theft.

High risk. This module performs a runtime network fetch of JavaScript from a public CDN and executes it via eval to set a global loader used for command execution primitives. That is a critical supply-chain/RCE pattern with the potential for full compromise. Additionally, it configures broad agent permissions (opencode.json), passes process.env to an external tool, executes shell-like pipelines via a dynamically sourced command-stream helper, and logs raw untrusted subprocess output (potential sensitive data exposure).