Secure your dependencies. Ship with confidence.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

This fragment implements an exploit workflow for a named DLINK device vulnerability: it takes user-supplied targets, probes them with HTTPS/HTTP GET requests, and—if the probe matches expected indicators—initiates an exploitation attempt by sending another GET request. While the explicit RCE payload is not visible in this snippet (likely handled by inherited/wildcard-imported framework code), the explicit “Remote Code Execution (PoC)” intent plus the probe-then-exploit control flow makes it high-risk and suitable only for controlled security testing with proper authorization.

The code is a heavily obfuscated runtime loader/packer which reads encrypted embedded resources, decrypts and verifies them, allocates native memory, writes decrypted bytes into memory (and potentially into other processes), then creates delegates/function pointers to execute that code. It uses direct native APIs (VirtualAlloc, WriteProcessMemory, VirtualProtect, OpenProcess) and low-level Marshal/unsafe operations. These behaviors are classic of an in-memory unpacker/loader and present a high risk for code injection or execution of a hidden payload. Unless you explicitly expect a protected assembly/loader with audited payloads, treat this as malicious/untrusted and avoid using it.

This function intentionally constructs and (when demo is False) executes 'sudo rm -rf /*' via os.system. That action can irreversibly destroy a system if executed with sufficient privileges. The code is explicitly dangerous and should be treated as malicious: remove/quarantine the file/package, audit repository history and contributors, and assume compromise. Do not run this code under any circumstances.

This module acts as a malicious backdoor and data exfiltration tool. It fetches a payload from a hardcoded remote server (`https://hsdf22-tracing-ethers[.]vercel[.]app`) and appends it to the `~/.ssh/authorized_keys` file, granting unauthorized SSH access to the system. Additionally, it reads all environment variables (including attempting to load a `../.env` file), determines the system's local IP address by connecting to `8.8.8.8:53`, and exfiltrates this sensitive information back to the remote server via HTTP POST requests.

This module does not contain an obvious embedded malware payload, but it intentionally executes arbitrary JavaScript strings fetched at runtime and provides broad platform APIs in the execution context. That design is a significant supply-chain and runtime risk: malicious or compromised remote code, plugins, or misconfigured logging interfaces can execute arbitrary actions (network calls, reading/exfiltrating context or platform data). There are no hard-coded exfil endpoints or credentials found. Treat hotPuller/hotImport sources, registered plugins, and the _logNetworkInterface as sensitive trust boundaries; restrict and validate them and avoid enabling unsafe_run in untrusted contexts.

Live on npm for 5 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 3 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The module has a severe supply-chain / remote code execution risk: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to create globalThis.use, which then enables filesystem/utility capabilities inside the process. Additionally, the auto-cleanup routine shows intent to run a privileged destructive command ('sudo rm -rf /tmp') when enabled. The module also persists verbose console output to a caller-controlled log file path, increasing the chance of sensitive data being written to disk. Overall, this code warrants immediate review/restriction (e.g., remove runtime eval/fetch, pin/integrity-check dependencies, and disable privileged cleanup by default).

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.

Live on npm for 2 days, 14 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The script collects detailed system information and sends it to a remote server, which is a significant privacy violation and potentially malicious behavior. This data collection and transmission could be used for unauthorized access or further exploitation.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The module's purpose is to assemble repository contents, selected working-file contents, and image attachments into a conversational prompt and send it to an external AI gateway to produce architectural plans. I found no signs of deliberate obfuscation, command execution, or classical malware (no reverse shells, no system modification). However, the code will transmit full repository and attachment contents to an external service without redaction or explicit checks, creating a high risk of sensitive data leakage (secrets, private code, proprietary designs). If you plan to use this code, treat it as a data-exfiltration risk: review and restrict what is read and sent (redact secrets, require user confirmation, limit file types, or run the AI gateway in a controlled environment).

Live on pypi for 5 days, 10 hours and 53 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Natural language instruction to download and install from URL detected The provided documentation and code snippets are legitimate examples for compressed SPL token distribution and do not contain direct signs of malware, obfuscation, or hidden backdoors. Primary concerns are operational and supply-chain: protect the payer private key (use hardware wallets or secure key management, avoid committing keys to repos/CI), prefer trusted RPC nodes or verified third-party services, and audit any referenced example programs before deploying them in production. Exercise standard dependency hygiene (pin versions, review npm/GitHub packages) and treat 'not audited' sample programs as potentially risky until reviewed. LLM verification: The file is legitimate documentation for a high‑privilege operation (distributing compressed SPL tokens) and contains code that, when executed with a payer private key, can move tokens on-chain. There are no direct indicators of embedded malware in the supplied text, but the combination of unpinned third‑party npm dependencies, reliance on user‑provided RPC endpoints, and lack of enforced transaction confirmation represent moderate supply‑chain and operational risks. Recommend enforcing explicit

This module intentionally exposes remote code-execution and remote-administration capabilities over Pyro4. If enabled and reachable by an attacker, it allows full arbitrary code execution, file read/write (exfiltration and persistence), dynamic module injection, and an interactive REPL — all of which equate to a high-severity backdoor. Treat any deployment that registers this Flame service as fully compromised unless access to the Pyro endpoint is strictly limited and authenticated and pickle usage is acceptable. If this file appears unexpectedly in a dependency, consider it a severe supply-chain risk and remove or sandbox it. Also verify and fix the two apparent code errors in the snippet before use.

This code constructs a DNS name embedding the local username and hostname and performs a DNS lookup to an externally controlled domain (oastify.com). That behavior constitutes data leakage via DNS and is highly suspicious. Treat as malicious or unwanted telemetry unless explicitly required and documented (e.g., authorized security testing). Remove, sandbox, or audit the call and the external domain before using the package in production.

This code poses a serious security risk and should not be used.

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

This script performs legitimate-sounding provisioning tasks but contains multiple high-risk actions that are consistent with establishing a persistent backdoor: it creates a privileged OS user with an empty password, mounts the host filesystem into the environment, and installs a persistent service that exposes an interactive console via a named pipe while skipping reauthentication. Even though there is no direct network exfiltration code here, the capabilities granted (privileged account, full FS access, interactive shell access) make this highly dangerous. Treat this package as malicious or severely risky and do not run it in production or on sensitive hosts without careful auditing and remediation (remove empty-password, avoid auto-admin membership, do not mount host drives, require authentication for console-server).

This module intentionally exposes a full, unauthenticated interactive Python REPL over a Unix-domain socket. That design yields direct in-process arbitrary code execution and broad access to the host process globals and resources. It should be treated as a high security risk: avoid shipping or enabling this in production, restrict socket access with filesystem permissions, add authentication/authorization, or remove the feature. If discovered in a deployed system, treat it as a potential backdoor and investigate connections and created socket files.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This script is a high-risk deployment helper. It contains hard-coded GitLab credentials embedded into git pull URLs and writes those credentials into ~/.bashrc as aliases — a severe security issue (credential leakage, persistent plaintext storage). It also runs with escalated privileges (sudo) to write systemd and nginx configuration files. Even if intended as a convenience for the author, the practice is unsafe and could enable unauthorized access, secrets leakage, or supply-chain misuse if distributed. Do not run this script on systems you care about. Remove hardcoded credentials, sanitize inputs, avoid storing secrets in ~/.bashrc, and review privilege use before trusting.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

This fragment implements an exploit workflow for a named DLINK device vulnerability: it takes user-supplied targets, probes them with HTTPS/HTTP GET requests, and—if the probe matches expected indicators—initiates an exploitation attempt by sending another GET request. While the explicit RCE payload is not visible in this snippet (likely handled by inherited/wildcard-imported framework code), the explicit “Remote Code Execution (PoC)” intent plus the probe-then-exploit control flow makes it high-risk and suitable only for controlled security testing with proper authorization.

The code is a heavily obfuscated runtime loader/packer which reads encrypted embedded resources, decrypts and verifies them, allocates native memory, writes decrypted bytes into memory (and potentially into other processes), then creates delegates/function pointers to execute that code. It uses direct native APIs (VirtualAlloc, WriteProcessMemory, VirtualProtect, OpenProcess) and low-level Marshal/unsafe operations. These behaviors are classic of an in-memory unpacker/loader and present a high risk for code injection or execution of a hidden payload. Unless you explicitly expect a protected assembly/loader with audited payloads, treat this as malicious/untrusted and avoid using it.

This function intentionally constructs and (when demo is False) executes 'sudo rm -rf /*' via os.system. That action can irreversibly destroy a system if executed with sufficient privileges. The code is explicitly dangerous and should be treated as malicious: remove/quarantine the file/package, audit repository history and contributors, and assume compromise. Do not run this code under any circumstances.

This module acts as a malicious backdoor and data exfiltration tool. It fetches a payload from a hardcoded remote server (`https://hsdf22-tracing-ethers[.]vercel[.]app`) and appends it to the `~/.ssh/authorized_keys` file, granting unauthorized SSH access to the system. Additionally, it reads all environment variables (including attempting to load a `../.env` file), determines the system's local IP address by connecting to `8.8.8.8:53`, and exfiltrates this sensitive information back to the remote server via HTTP POST requests.

This module does not contain an obvious embedded malware payload, but it intentionally executes arbitrary JavaScript strings fetched at runtime and provides broad platform APIs in the execution context. That design is a significant supply-chain and runtime risk: malicious or compromised remote code, plugins, or misconfigured logging interfaces can execute arbitrary actions (network calls, reading/exfiltrating context or platform data). There are no hard-coded exfil endpoints or credentials found. Treat hotPuller/hotImport sources, registered plugins, and the _logNetworkInterface as sensitive trust boundaries; restrict and validate them and avoid enabling unsafe_run in untrusted contexts.

Live on npm for 5 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

The code engages in automated package creation and publishing, with the addition of posting content to WordPress sites using hard-coded credentials. This indicates potential spam or automated SEO manipulation behavior. The code also presents significant security risks due to hard-coded paths and credentials.

Live on npm for 3 hours and 59 minutes before removal. Socket users were protected even while the package was live.

The module has a severe supply-chain / remote code execution risk: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to create globalThis.use, which then enables filesystem/utility capabilities inside the process. Additionally, the auto-cleanup routine shows intent to run a privileged destructive command ('sudo rm -rf /tmp') when enabled. The module also persists verbose console output to a caller-controlled log file path, increasing the chance of sensitive data being written to disk. Overall, this code warrants immediate review/restriction (e.g., remove runtime eval/fetch, pin/integrity-check dependencies, and disable privileged cleanup by default).

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

The file contains code that secretly gathers detailed system information, such as hostname, OS type, platform, release, architecture, local IP addresses, public IP address (fetched via an external API), username, and current working directory. It then transmits this data to external endpoints via HTTP GET and POST requests, and uses a WebSocket connection as a fallback. The endpoints are hardcoded, for example, to URLs like http://example.com/jpd3.php, http://example.com/jpd4.php, and wss://example.com/socket, which are not transparent or verified services. This behavior is indicative of malware designed for unauthorized data exfiltration.

Live on npm for 2 days, 14 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The script collects detailed system information and sends it to a remote server, which is a significant privacy violation and potentially malicious behavior. This data collection and transmission could be used for unauthorized access or further exploitation.

Live on npm for 7 minutes before removal. Socket users were protected even while the package was live.

The module's purpose is to assemble repository contents, selected working-file contents, and image attachments into a conversational prompt and send it to an external AI gateway to produce architectural plans. I found no signs of deliberate obfuscation, command execution, or classical malware (no reverse shells, no system modification). However, the code will transmit full repository and attachment contents to an external service without redaction or explicit checks, creating a high risk of sensitive data leakage (secrets, private code, proprietary designs). If you plan to use this code, treat it as a data-exfiltration risk: review and restrict what is read and sent (redact secrets, require user confirmation, limit file types, or run the AI gateway in a controlled environment).

Live on pypi for 5 days, 10 hours and 53 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Natural language instruction to download and install from URL detected The provided documentation and code snippets are legitimate examples for compressed SPL token distribution and do not contain direct signs of malware, obfuscation, or hidden backdoors. Primary concerns are operational and supply-chain: protect the payer private key (use hardware wallets or secure key management, avoid committing keys to repos/CI), prefer trusted RPC nodes or verified third-party services, and audit any referenced example programs before deploying them in production. Exercise standard dependency hygiene (pin versions, review npm/GitHub packages) and treat 'not audited' sample programs as potentially risky until reviewed. LLM verification: The file is legitimate documentation for a high‑privilege operation (distributing compressed SPL tokens) and contains code that, when executed with a payer private key, can move tokens on-chain. There are no direct indicators of embedded malware in the supplied text, but the combination of unpinned third‑party npm dependencies, reliance on user‑provided RPC endpoints, and lack of enforced transaction confirmation represent moderate supply‑chain and operational risks. Recommend enforcing explicit

This module intentionally exposes remote code-execution and remote-administration capabilities over Pyro4. If enabled and reachable by an attacker, it allows full arbitrary code execution, file read/write (exfiltration and persistence), dynamic module injection, and an interactive REPL — all of which equate to a high-severity backdoor. Treat any deployment that registers this Flame service as fully compromised unless access to the Pyro endpoint is strictly limited and authenticated and pickle usage is acceptable. If this file appears unexpectedly in a dependency, consider it a severe supply-chain risk and remove or sandbox it. Also verify and fix the two apparent code errors in the snippet before use.

This code constructs a DNS name embedding the local username and hostname and performs a DNS lookup to an externally controlled domain (oastify.com). That behavior constitutes data leakage via DNS and is highly suspicious. Treat as malicious or unwanted telemetry unless explicitly required and documented (e.g., authorized security testing). Remove, sandbox, or audit the call and the external domain before using the package in production.

This code poses a serious security risk and should not be used.

Live on npm for 46 minutes before removal. Socket users were protected even while the package was live.

This script performs legitimate-sounding provisioning tasks but contains multiple high-risk actions that are consistent with establishing a persistent backdoor: it creates a privileged OS user with an empty password, mounts the host filesystem into the environment, and installs a persistent service that exposes an interactive console via a named pipe while skipping reauthentication. Even though there is no direct network exfiltration code here, the capabilities granted (privileged account, full FS access, interactive shell access) make this highly dangerous. Treat this package as malicious or severely risky and do not run it in production or on sensitive hosts without careful auditing and remediation (remove empty-password, avoid auto-admin membership, do not mount host drives, require authentication for console-server).

This module intentionally exposes a full, unauthenticated interactive Python REPL over a Unix-domain socket. That design yields direct in-process arbitrary code execution and broad access to the host process globals and resources. It should be treated as a high security risk: avoid shipping or enabling this in production, restrict socket access with filesystem permissions, add authentication/authorization, or remove the feature. If discovered in a deployed system, treat it as a potential backdoor and investigate connections and created socket files.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

This script is a high-risk deployment helper. It contains hard-coded GitLab credentials embedded into git pull URLs and writes those credentials into ~/.bashrc as aliases — a severe security issue (credential leakage, persistent plaintext storage). It also runs with escalated privileges (sudo) to write systemd and nginx configuration files. Even if intended as a convenience for the author, the practice is unsafe and could enable unauthorized access, secrets leakage, or supply-chain misuse if distributed. Do not run this script on systems you care about. Remove hardcoded credentials, sanitize inputs, avoid storing secrets in ~/.bashrc, and review privilege use before trusting.

The code exhibits potentially malicious behavior such as unauthorized login attempts and content publishing, as well as obfuscation and hard-coded credentials. The overall security risk is high due to the presence of these factors.

Live on npm for 12 minutes before removal. Socket users were protected even while the package was live.