Secure your dependencies. Ship with confidence.

This code is a malicious supply-chain pattern: during installation it silently executes a shell-based curl to an embedded remote endpoint, transmitting local hostname and username as query parameters. Output and errors are suppressed and exceptions are swallowed to evade detection. This behavior is unrelated to the declared matrix-processing purpose and strongly indicates covert telemetry/exfiltration.

This module is highly suspicious and likely malicious. It self-installs by copying packaged source into a per-user hidden/cache directory, modifies package.json to remove postinstall/bin fields, performs a silent runtime `npm install` in that directory (supply-chain execution surface), writes a hardcoded remote SERVER_URL, establishes persistence across Windows/macOS/Linux using native autostart mechanisms, and starts the agent as a detached background process with minimal observability. Treat the package as a potential malware/unauthorized agent installer and avoid use in production environments.

This fragment is a high-confidence Windows credential/data stealer component. It specifically targets directories and filenames associated with secrets (SSH/AWS, browser 'Login Data' and 'Cookies', and app data for Discord/VSCode), filters to maximize useful loot, and returns an in-memory ZIP containing harvested sensitive files. While downstream exfiltration is not shown in the fragment, the harvesting+packaging behavior is directly consistent with malicious credential theft workflows.

This module is highly likely malicious: it is a Telegram-controlled backdoor that establishes persistence (Termux ~/.bashrc or Windows Run registry), hides the console window, executes attacker-supplied shell commands via subprocess.check_output with shell=True (/cmd), exfiltrates arbitrary local files via /dl, and writes attacker-supplied files to disk via /upload. It then beacons operational status (hostname/device) and remains available via an infinite bot.polling loop.

This module is highly consistent with malicious covert exfiltration via DNS tunneling. It captures local system/runtime information (environment usernames, command-line args, script absolute path, directory listing, local IP/hostname), encodes the data into DNS subdomain labels using a reversible reverse+hex scheme, frames transmissions with BEGIN/END markers, and sends crafted UDP/53 DNS queries to a hardcoded external server. The behavior is unambiguously aligned with data theft/exfiltration malware rather than benign functionality.

This module is highly suspicious and likely malicious. It self-installs by copying packaged source into a per-user hidden/cache directory, modifies package.json to remove postinstall/bin fields, performs a silent runtime `npm install` in that directory (supply-chain execution surface), writes a hardcoded remote SERVER_URL, establishes persistence across Windows/macOS/Linux using native autostart mechanisms, and starts the agent as a detached background process with minimal observability. Treat the package as a potential malware/unauthorized agent installer and avoid use in production environments.

High risk. This module performs a runtime network fetch of JavaScript from a public CDN and executes it via eval to set a global loader used for command execution primitives. That is a critical supply-chain/RCE pattern with the potential for full compromise. Additionally, it configures broad agent permissions (opencode.json), passes process.env to an external tool, executes shell-like pipelines via a dynamically sourced command-stream helper, and logs raw untrusted subprocess output (potential sensitive data exposure).

This module is strongly security-sensitive because it implements an eval-like “script hook” by compiling and executing code from a DOM attribute (${Env.prefix}${event}-after-run) using new Function. That single primitive enables arbitrary JavaScript execution in the page context when an attacker can influence the attribute content. Additional risks include navigation/redirect and history manipulation driven by DOM attributes, selector-driven DOM targeting with broad mutation capabilities, and propagation of network response data into binding/UI state.

This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.

This module contains a critical supply-chain/backdoor-style mechanism: it fetches JavaScript at runtime from an external CDN (unpkg) and executes it via eval. That single pattern makes the package extremely high risk because it enables arbitrary remote code execution in the installer/execution context. Additionally, the code uses child_process.exec with shell command strings interpolated from function parameters (owner/repo/issueNum), which can introduce command injection risks if inputs are not strictly controlled.

This module is not merely path handling: it provides capabilities to modify filesystem ownership/ACLs/attributes and, on Windows, can execute attacker-supplied command lines by generating and running an elevated batch script via UAC (-Verb RunAs). While there is no evidence of network exfiltration in this fragment, the combination of permission bypass + broad ACL grants + elevated arbitrary execution makes it a significant supply-chain security risk and should be reviewed/contained, especially if any inputs are influenced by untrusted data.

This code performs immediate outbound beaconing/exfiltration on import to a hardcoded external webhook, transmitting identifiable local information (hostname, user, OS) over HTTP. Silent exception handling and top-level execution strongly indicate stealthy telemetry rather than legitimate functionality. Treat this as malicious supply-chain behavior and block/remove the dependency; investigate systems where it may have been imported and consider incident response for potential data exposure.

This code is highly suspicious because it exposes direct remote filesystem operations: directory listing, arbitrary file reading (including base64 content exfiltration), and arbitrary file uploading (including chunked writes finalized onto the server filesystem). While safety may depend on the external runtime.resolvePath and authorization model, this module itself contains no robust sandbox/jail enforcement, access control, size/range validation for chunk writes, or strong transfer-ID protection. Functionally, it matches backdoor/RMM-style filesystem management capability and should be reviewed/locked down aggressively (or removed) if not intended for a trusted operator-only environment.

This code is highly likely malicious: it downloads and uses a remote payload (RISH/rish_shizuku.dex) without integrity checks, harvests extremely sensitive device data (contacts, SMS, call logs, identifiers, location/cache, security state), and exfiltrates it to a hardcoded Telegram bot. It also deletes local exported files afterward (anti-forensics). While it includes an AI chat feature, the background collection/upload makes it an information-stealing agent. Recommend not using and treat as a trojan/supply-chain compromise risk.

This module implements an unauthenticated local IPC service that directly executes arbitrary shell commands provided by the socket client via '/bin/bash -c' in detached background processes, while persisting stdout/stderr to per-job log files. It also supports attacker-driven stop/delete actions keyed by job_id, enabling process termination and log deletion based on stored job metadata. Regardless of intent, this is highly indicative of backdoor/agent-like command execution capability and should be treated as a serious security risk until access controls and deployment permissions (socket filesystem permissions, authentication, and db.js safeguards) are verified.

This fragment contains extremely high-risk functionality: it (1) reads and embeds arbitrary local file contents specified via @<path> tokens and (2) executes arbitrary shell commands specified via a leading !<cmd> using subprocess with shell=True, embedding stdout+stderr in the returned output. Output truncation/timeout limit impact magnitude but not the fundamental malicious capability. If reachable by untrusted text, it should be treated as a critical security issue and excluded or tightly sandboxed behind strict authorization and input allowlisting.

This module is extremely high risk: it includes unrestricted arbitrary command execution (exec/execSync) and arbitrary JavaScript execution (eval) that take caller-provided strings with no validation, alongside hardcoded credentials and deceptive/instruction-manipulation tool metadata. Even though the HTTP handler response is static in this snippet and no explicit exfiltration is shown here, the included capabilities strongly enable RCE, credential misuse, and downstream data theft if integrated elsewhere.

This code is best characterized as a CI-targeted credential-stealing and data-exfiltration backdoor. It performs anti-sandbox/CI gating, harvests sensitive environment variables and the full process environment from /proc/self/environ, and queries the AWS EC2 instance metadata service (169.254.169.254) to obtain IAM role credentials. It then exfiltrates all collected information to a hardcoded Telegram bot/chat over HTTPS, with error suppression to improve stealth. No legitimate business logic is present in this module.

This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.

High risk. The package runs a postinstall script (postinstall.js) and depends on multiple libraries that enable machine fingerprinting, screen capture, input automation, local storage, image processing, and easy network exfiltration. If postinstall.js or other bundled code uses these libraries to contact remote servers or perform automated interaction, it could perform telemetry, data exfiltration, or remote control. You should inspect the contents of postinstall.js and audit any code that uses these powerful dependencies before allowing installation.

This code is performing DNS-based exfiltration/fingerprinting: it collects the local username and hostname, embeds them into the leftmost labels of a DNS query targeted at a hardcoded attacker-controlled OAST domain, and relies on the side-effect of the outbound DNS request (empty callback) to transmit the identifiers out-of-band. The fragment shows strong malicious intent with no benign application purpose.

This code establishes a strong supply-chain/sandbox-break capability by executing a local bash hook at session start and directly passing both serialized caller context (stdin) and essentially the full parent environment (env) to that script, while also suppressing errors. While the snippet itself shows no explicit malicious behavior beyond delegation, the data exposure (context + process.env) and silent error handling make this pattern high-risk and warrant review of the hooks/babysitter-proxied-session-start.sh behavior.

This code is highly suspicious because it exposes direct remote filesystem operations: directory listing, arbitrary file reading (including base64 content exfiltration), and arbitrary file uploading (including chunked writes finalized onto the server filesystem). While safety may depend on the external runtime.resolvePath and authorization model, this module itself contains no robust sandbox/jail enforcement, access control, size/range validation for chunk writes, or strong transfer-ID protection. Functionally, it matches backdoor/RMM-style filesystem management capability and should be reviewed/locked down aggressively (or removed) if not intended for a trusted operator-only environment.

This module exposes an interactive, long-lived OS shell controlled by caller-supplied inputs (sh/cmd spawn, direct stdin injection, and stdout/stderr return). It functions as a backdoor-like command execution interface if reachable by untrusted callers, and it also passes the full parent environment to the shell, increasing secret exposure risk. Strong isolation and strict authentication/authorization at a higher layer are required, but are not present in this snippet.

This module is a high-risk Telegram remote administration/backdoor pattern. The /run command provides arbitrary shell command execution by passing Telegram-provided input directly to child_process.execAsync, and the bot returns command output/errors back to the chat—enabling both host compromise and data exfiltration. Additionally, if TELEGRAM_CHAT_IDS is unset/empty, authorization effectively becomes allow-all, making the RCE endpoint reachable by any Telegram chat that can message the bot. Treat the package as extremely dangerous unless authorization is tightly enforced and the /run functionality is removed or replaced with a strict command allowlist executed without a shell.

This code is a malicious supply-chain pattern: during installation it silently executes a shell-based curl to an embedded remote endpoint, transmitting local hostname and username as query parameters. Output and errors are suppressed and exceptions are swallowed to evade detection. This behavior is unrelated to the declared matrix-processing purpose and strongly indicates covert telemetry/exfiltration.

This module is highly suspicious and likely malicious. It self-installs by copying packaged source into a per-user hidden/cache directory, modifies package.json to remove postinstall/bin fields, performs a silent runtime `npm install` in that directory (supply-chain execution surface), writes a hardcoded remote SERVER_URL, establishes persistence across Windows/macOS/Linux using native autostart mechanisms, and starts the agent as a detached background process with minimal observability. Treat the package as a potential malware/unauthorized agent installer and avoid use in production environments.

This fragment is a high-confidence Windows credential/data stealer component. It specifically targets directories and filenames associated with secrets (SSH/AWS, browser 'Login Data' and 'Cookies', and app data for Discord/VSCode), filters to maximize useful loot, and returns an in-memory ZIP containing harvested sensitive files. While downstream exfiltration is not shown in the fragment, the harvesting+packaging behavior is directly consistent with malicious credential theft workflows.

This module is highly likely malicious: it is a Telegram-controlled backdoor that establishes persistence (Termux ~/.bashrc or Windows Run registry), hides the console window, executes attacker-supplied shell commands via subprocess.check_output with shell=True (/cmd), exfiltrates arbitrary local files via /dl, and writes attacker-supplied files to disk via /upload. It then beacons operational status (hostname/device) and remains available via an infinite bot.polling loop.

This module is highly consistent with malicious covert exfiltration via DNS tunneling. It captures local system/runtime information (environment usernames, command-line args, script absolute path, directory listing, local IP/hostname), encodes the data into DNS subdomain labels using a reversible reverse+hex scheme, frames transmissions with BEGIN/END markers, and sends crafted UDP/53 DNS queries to a hardcoded external server. The behavior is unambiguously aligned with data theft/exfiltration malware rather than benign functionality.

This module is highly suspicious and likely malicious. It self-installs by copying packaged source into a per-user hidden/cache directory, modifies package.json to remove postinstall/bin fields, performs a silent runtime `npm install` in that directory (supply-chain execution surface), writes a hardcoded remote SERVER_URL, establishes persistence across Windows/macOS/Linux using native autostart mechanisms, and starts the agent as a detached background process with minimal observability. Treat the package as a potential malware/unauthorized agent installer and avoid use in production environments.

High risk. This module performs a runtime network fetch of JavaScript from a public CDN and executes it via eval to set a global loader used for command execution primitives. That is a critical supply-chain/RCE pattern with the potential for full compromise. Additionally, it configures broad agent permissions (opencode.json), passes process.env to an external tool, executes shell-like pipelines via a dynamically sourced command-stream helper, and logs raw untrusted subprocess output (potential sensitive data exposure).

This module is strongly security-sensitive because it implements an eval-like “script hook” by compiling and executing code from a DOM attribute (${Env.prefix}${event}-after-run) using new Function. That single primitive enables arbitrary JavaScript execution in the page context when an attacker can influence the attribute content. Additional risks include navigation/redirect and history manipulation driven by DOM attributes, selector-driven DOM targeting with broad mutation capabilities, and propagation of network response data into binding/UI state.

This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.

This module contains a critical supply-chain/backdoor-style mechanism: it fetches JavaScript at runtime from an external CDN (unpkg) and executes it via eval. That single pattern makes the package extremely high risk because it enables arbitrary remote code execution in the installer/execution context. Additionally, the code uses child_process.exec with shell command strings interpolated from function parameters (owner/repo/issueNum), which can introduce command injection risks if inputs are not strictly controlled.

This module is not merely path handling: it provides capabilities to modify filesystem ownership/ACLs/attributes and, on Windows, can execute attacker-supplied command lines by generating and running an elevated batch script via UAC (-Verb RunAs). While there is no evidence of network exfiltration in this fragment, the combination of permission bypass + broad ACL grants + elevated arbitrary execution makes it a significant supply-chain security risk and should be reviewed/contained, especially if any inputs are influenced by untrusted data.

This code performs immediate outbound beaconing/exfiltration on import to a hardcoded external webhook, transmitting identifiable local information (hostname, user, OS) over HTTP. Silent exception handling and top-level execution strongly indicate stealthy telemetry rather than legitimate functionality. Treat this as malicious supply-chain behavior and block/remove the dependency; investigate systems where it may have been imported and consider incident response for potential data exposure.

This code is highly suspicious because it exposes direct remote filesystem operations: directory listing, arbitrary file reading (including base64 content exfiltration), and arbitrary file uploading (including chunked writes finalized onto the server filesystem). While safety may depend on the external runtime.resolvePath and authorization model, this module itself contains no robust sandbox/jail enforcement, access control, size/range validation for chunk writes, or strong transfer-ID protection. Functionally, it matches backdoor/RMM-style filesystem management capability and should be reviewed/locked down aggressively (or removed) if not intended for a trusted operator-only environment.

This code is highly likely malicious: it downloads and uses a remote payload (RISH/rish_shizuku.dex) without integrity checks, harvests extremely sensitive device data (contacts, SMS, call logs, identifiers, location/cache, security state), and exfiltrates it to a hardcoded Telegram bot. It also deletes local exported files afterward (anti-forensics). While it includes an AI chat feature, the background collection/upload makes it an information-stealing agent. Recommend not using and treat as a trojan/supply-chain compromise risk.

This module implements an unauthenticated local IPC service that directly executes arbitrary shell commands provided by the socket client via '/bin/bash -c' in detached background processes, while persisting stdout/stderr to per-job log files. It also supports attacker-driven stop/delete actions keyed by job_id, enabling process termination and log deletion based on stored job metadata. Regardless of intent, this is highly indicative of backdoor/agent-like command execution capability and should be treated as a serious security risk until access controls and deployment permissions (socket filesystem permissions, authentication, and db.js safeguards) are verified.

This fragment contains extremely high-risk functionality: it (1) reads and embeds arbitrary local file contents specified via @<path> tokens and (2) executes arbitrary shell commands specified via a leading !<cmd> using subprocess with shell=True, embedding stdout+stderr in the returned output. Output truncation/timeout limit impact magnitude but not the fundamental malicious capability. If reachable by untrusted text, it should be treated as a critical security issue and excluded or tightly sandboxed behind strict authorization and input allowlisting.

This module is extremely high risk: it includes unrestricted arbitrary command execution (exec/execSync) and arbitrary JavaScript execution (eval) that take caller-provided strings with no validation, alongside hardcoded credentials and deceptive/instruction-manipulation tool metadata. Even though the HTTP handler response is static in this snippet and no explicit exfiltration is shown here, the included capabilities strongly enable RCE, credential misuse, and downstream data theft if integrated elsewhere.

This code is best characterized as a CI-targeted credential-stealing and data-exfiltration backdoor. It performs anti-sandbox/CI gating, harvests sensitive environment variables and the full process environment from /proc/self/environ, and queries the AWS EC2 instance metadata service (169.254.169.254) to obtain IAM role credentials. It then exfiltrates all collected information to a hardcoded Telegram bot/chat over HTTPS, with error suppression to improve stealth. No legitimate business logic is present in this module.

This fragment implements a high-impact remote execution capability: a Socket.IO server can command the client to run arbitrary shell commands (interactive via PTY/spawn and remote stdin) and run embedded code via execSync (python -c shown), with configurable working directory and environment inheritance. Command output is streamed back to the remote server, enabling data exfiltration. No robust allowlisting or authorization controls are visible in the fragment. Treat this as extremely sensitive and potentially backdoor-like behavior unless the surrounding product context enforces strong authentication, authorization, and strict command constraints.

High risk. The package runs a postinstall script (postinstall.js) and depends on multiple libraries that enable machine fingerprinting, screen capture, input automation, local storage, image processing, and easy network exfiltration. If postinstall.js or other bundled code uses these libraries to contact remote servers or perform automated interaction, it could perform telemetry, data exfiltration, or remote control. You should inspect the contents of postinstall.js and audit any code that uses these powerful dependencies before allowing installation.

This code is performing DNS-based exfiltration/fingerprinting: it collects the local username and hostname, embeds them into the leftmost labels of a DNS query targeted at a hardcoded attacker-controlled OAST domain, and relies on the side-effect of the outbound DNS request (empty callback) to transmit the identifiers out-of-band. The fragment shows strong malicious intent with no benign application purpose.

This code establishes a strong supply-chain/sandbox-break capability by executing a local bash hook at session start and directly passing both serialized caller context (stdin) and essentially the full parent environment (env) to that script, while also suppressing errors. While the snippet itself shows no explicit malicious behavior beyond delegation, the data exposure (context + process.env) and silent error handling make this pattern high-risk and warrant review of the hooks/babysitter-proxied-session-start.sh behavior.

This code is highly suspicious because it exposes direct remote filesystem operations: directory listing, arbitrary file reading (including base64 content exfiltration), and arbitrary file uploading (including chunked writes finalized onto the server filesystem). While safety may depend on the external runtime.resolvePath and authorization model, this module itself contains no robust sandbox/jail enforcement, access control, size/range validation for chunk writes, or strong transfer-ID protection. Functionally, it matches backdoor/RMM-style filesystem management capability and should be reviewed/locked down aggressively (or removed) if not intended for a trusted operator-only environment.

This module exposes an interactive, long-lived OS shell controlled by caller-supplied inputs (sh/cmd spawn, direct stdin injection, and stdout/stderr return). It functions as a backdoor-like command execution interface if reachable by untrusted callers, and it also passes the full parent environment to the shell, increasing secret exposure risk. Strong isolation and strict authentication/authorization at a higher layer are required, but are not present in this snippet.

This module is a high-risk Telegram remote administration/backdoor pattern. The /run command provides arbitrary shell command execution by passing Telegram-provided input directly to child_process.execAsync, and the bot returns command output/errors back to the chat—enabling both host compromise and data exfiltration. Additionally, if TELEGRAM_CHAT_IDS is unset/empty, authorization effectively becomes allow-all, making the RCE endpoint reachable by any Telegram chat that can message the bot. Treat the package as extremely dangerous unless authorization is tightly enforced and the /run functionality is removed or replaced with a strict command allowlist executed without a shell.