Secure your dependencies. Ship with confidence.

While the code functionality appears legitimate for Umi framework testing, the suspicious package namespace '@stay.hungry07212' strongly suggests typosquatting of official packages, representing a significant supply chain security risk

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

The code imports several modules with unconventional names and calls a method named functame on each of them. The unusual module names and repeated use of a non-standard method suggest potential obfuscation or malicious intent. Further review of the imported modules is necessary to determine their legitimacy and behavior.

Live on npm for 57 days, 7 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This module exposes multiple high-risk capabilities: arbitrary shell execution (subprocess.run with shell=True), process spawning from untrusted input, and unrestricted filesystem modification (create, move, copy, delete) based on user-provided parameters. There are no input validations, privilege checks or limits. I assess this as not clearly malicious by intent (it implements utility functions), but it is easily abuseable and dangerous in contexts where inputs are untrusted. Treat this code as high security risk if incorporated into environments that handle external input or run with elevated privileges.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module provides functions that, when invoked, globally disable TLS certificate verification across the process and commonly used HTTP libraries and/or configure system proxy environment variables (including injecting credentials). The code itself does not contain obvious direct exfiltration or backdoor behavior, but it intentionally weakens security in a way that enables serious attacks (MitM, credential leakage). Use of these functions in production or in libraries that run in multi-tenant or user-facing contexts is dangerous. Treat calls to apply_aggressive_ssl_patches(False, ...) and apply_proxy_configuration(...) as high risk and avoid enabling them unless in isolated/test environments. Recommend removing global monkeypatching, avoiding storing credentials in environment variables, and providing scoped/context-managed, reversible behavior if such functionality is required.

Live on pypi for 49 minutes before removal. Socket users were protected even while the package was live.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.

[Skill Scanner] Instruction directing agent to run/execute external content (AITech 9.1.4) [CI011]

This module contains high-risk behavior: it collects environment and system information, sends it to a remote endpoint, and executes whatever JavaScript the server returns with access to require and the module context. The presence of an example that triggers this flow at module load makes mere import dangerous. Treat this as a supply-chain backdoor/RCE vector. Do not use this package in production; remove or sandbox it and investigate any systems that have executed it.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code is malicious and performs unauthorized data exfiltration of sensitive system and package information to a suspicious external server. It poses a high security risk and should be considered malware. The code is not obfuscated but is designed to stealthily leak data without user consent.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The composer.json is highly suspicious and indicates high-risk malicious intent. It registers a Yii bootstrap class that will execute automatically and the package description explicitly states it reveals application information. Although no PHP source code is provided to prove active malicious functionality, the manifest creates a direct automatic execution capability and the declared intent matches common supply-chain malware patterns. Do not install or enable this package in production. If encountered in a dependency tree, treat it as compromised: remove it, audit for further indicators of compromise, and perform a full review of any installed package files in an isolated environment.

The code employs an embedded native library loaded at runtime through a Perl-based loader, exposing JSON data via an FFI interface. While this may enable modular functionality, it introduces significant supply-chain and runtime-security risks due to dynamic code execution, disk writes of executable payloads, and external interpreter dependencies. Unless the dylib is tightly audited, signed, and its loading is strictly controlled, this pattern is unsafe for long-term use. Consider eliminating the embedded payload approach in favor of a safe, statically linked, or clearly sandboxed plugin architecture with rigorous integrity checks.

[Skill Scanner] Natural language instruction to download and install from URL detected No explicit malicious code or obfuscation is present in the provided material; the package is a workflow/documentation for AI-assisted slide generation. The dominant security concern is the intended data flow to a third-party AI service: the documentation repeatedly instructs uploading local files and chaining attachments for style continuity, which creates a realistic risk of accidental exfiltration of sensitive or unpublished research artifacts. Operational best practices (avoid attaching confidential files, sanitize metadata, use secure credential handling, run in isolated environments) and verifying the remote provider’s data-retention/training policies are required to reduce risk. If used by automated agents with broad file-system access, the tooling increases the attack surface and should be constrained. LLM verification: This skill is not demonstrably malicious based on the provided text, but it presents moderate supply-chain and data-exfiltration risk because it encourages listing and attaching arbitrary local files and references a third-party key URL without documenting trusted endpoints or secure key handling. Recommendation: before use, require explicit user confirmations for each attachment, document and verify the exact service endpoints and owner, provide secure key-storage guidance, add warnings about u

This code fragment contains embedded malicious/update components. The SciChartUpdate.SciChartTestLib and WinX86/WinXComponents classes implement an updater/downloader that disables TLS validation, fetches encrypted executables from hard-coded remote endpoints, decrypts/unpacks them, and performs RunPE-style process injection into iexplore.exe to execute the payload. These behaviors are classic supply-chain/backdoor/malware patterns (remote code download, process hollowing, certificate validation bypass, background periodic polling). This is a high-severity supply-chain compromise; the package should not be used and any integrations should be considered compromised. Immediate actions: remove this package, block the decoded remote endpoints, and investigate systems where this library was installed for the downloader activity and execution traces.

The script is designed to send critical system information and environment variables to an external server, which is highly suspicious and indicative of malicious behavior.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.

The code uses suspicious obfuscation by base64 encoding and eval execution. Although the decoded payload is benign, this pattern is a common vector for malware or hidden malicious behavior. The provided reports are invalid and unhelpful. The code poses a moderate security risk due to the use of eval on obfuscated data, which can lead to arbitrary code execution if modified. It is recommended to avoid such patterns and conduct further dynamic analysis if this code is part of a larger system.

Live on npm for 4 days, 6 hours and 13 minutes before removal. Socket users were protected even while the package was live.

This module contains clear capability to read an arbitrary local file (hardcoded path in main) and upload it to a remote Telegram chat using an embedded bot token and chat id. The embedded credential and automatic upload constitute a high risk of data exfiltration if the code is run or distributed. Treat the token as compromised, revoke it, and remediate by removing hardcoded secrets and adding authentication/confirmation and secure secret management before trusting or publishing this code.

This code is intentionally malicious: it harvests sensitive developer credentials (GITHUB_TOKEN from env and ghp_* tokens from common config files) and exfiltrates them to a hardcoded external OAST domain. The pattern (silent errors, searching multiple config files, direct curl exec) is consistent with credential-stealing supply-chain malware/backdoor. Immediate actions: remove the package, audit systems where it ran, rotate any exposed credentials (GitHub tokens), and investigate access to the listed OAST domain.

While the code functionality appears legitimate for Umi framework testing, the suspicious package namespace '@stay.hungry07212' strongly suggests typosquatting of official packages, representing a significant supply chain security risk

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The purpose of this code appears to be collecting specific environment variables and package information, compressing and encoding it, and sending it over HTTP to a remote domain. The intent and purpose of this behavior are unclear from the provided code fragment alone.

Live on npm for 28 minutes before removal. Socket users were protected even while the package was live.

This module contains multiple security issues and at least one explicit indication of malicious intent. The error handler reflects util.inspect(err) into HTML responses (information disclosure and possible XSS) and interpolates authenticationUrl without validation. Most notably, the loginSuccess() page contains the text 'Sucessfully grabbed credentials!', which is a clear red flag — it strongly suggests the page is intended to display harvested credentials or confirm credential theft. Even if other parts are benign, the presence of that message plus unsafe leak of inspected error objects to clients makes this package unsafe to use. Recommend not using this code in production, auditing the repository for credential-harvesting behavior, removing util.inspect() from client responses, and validating/escaping any interpolated URLs and strings.

The code imports several modules with unconventional names and calls a method named functame on each of them. The unusual module names and repeated use of a non-standard method suggest potential obfuscation or malicious intent. Further review of the imported modules is necessary to determine their legitimacy and behavior.

Live on npm for 57 days, 7 hours and 51 minutes before removal. Socket users were protected even while the package was live.

This module exposes multiple high-risk capabilities: arbitrary shell execution (subprocess.run with shell=True), process spawning from untrusted input, and unrestricted filesystem modification (create, move, copy, delete) based on user-provided parameters. There are no input validations, privilege checks or limits. I assess this as not clearly malicious by intent (it implements utility functions), but it is easily abuseable and dangerous in contexts where inputs are untrusted. Treat this code as high security risk if incorporated into environments that handle external input or run with elevated privileges.

The Python module itself is not directly implementing typical malware behaviors, but it creates a high-risk execution surface: it runs local shell scripts (some with sudo) with unvalidated inputs and passes secrets on the command line. The deploy_fdb_from_file_service function contains a command-injection vulnerability (shell=True with joined args) and a coding bug (returncod typo). Recommend: remove shell=True; use argument lists always, avoid passing secrets via argv (use stdin, environment files with proper filesystem permissions, or secured IPC), eliminate unnecessary sudo calls and require callers to provide appropriate privileges if needed, validate/escape inputs (especially file paths), fix the returncod typo, and audit all invoked shell scripts before use. Treat package as risky until mitigations and script audits are performed.

This module provides functions that, when invoked, globally disable TLS certificate verification across the process and commonly used HTTP libraries and/or configure system proxy environment variables (including injecting credentials). The code itself does not contain obvious direct exfiltration or backdoor behavior, but it intentionally weakens security in a way that enables serious attacks (MitM, credential leakage). Use of these functions in production or in libraries that run in multi-tenant or user-facing contexts is dangerous. Treat calls to apply_aggressive_ssl_patches(False, ...) and apply_proxy_configuration(...) as high risk and avoid enabling them unless in isolated/test environments. Recommend removing global monkeypatching, avoiding storing credentials in environment variables, and providing scoped/context-managed, reversible behavior if such functionality is required.

Live on pypi for 49 minutes before removal. Socket users were protected even while the package was live.

This code collects system-identifying data (username, hostname, file path), hex-encodes it, constructs a domain under a hardcoded external base ('furb.pw') embedding that data into subdomain labels, and issues an HTTPS GET to that domain — a clear data-exfiltration pattern. The behavior is malicious or at minimum privacy-invasive telemetry sent to an external third party. The package should not be trusted or used without removal of the network exfiltration logic and a full audit.

This module’s entrypoint (index.js) immediately launches a detached, unobserved Node.js child process executing the local script ./lib/caller.js, passing it JSON-serialized arguments. The spawn call uses { detached: true, stdio: 'ignore' } combined with child.unref(), which ensures the background process continues after the parent exits and suppresses all output or errors. Such a pattern is frequently used to hide backdoor or exfiltration routines in supply-chain attacks. Since all sensitive activity is delegated to the concealed lib/caller.js and no logs or errors are surfaced, this code functions as a stealthy loader for arbitrary malicious payloads. Do not use or publish this package until every invocation of ./lib/caller.js is audited and its behavior fully understood.

[Skill Scanner] Instruction directing agent to run/execute external content (AITech 9.1.4) [CI011]

This module contains high-risk behavior: it collects environment and system information, sends it to a remote endpoint, and executes whatever JavaScript the server returns with access to require and the module context. The presence of an example that triggers this flow at module load makes mere import dangerous. Treat this as a supply-chain backdoor/RCE vector. Do not use this package in production; remove or sandbox it and investigate any systems that have executed it.

The code exposes powerful administrative actions: arbitrary shell execution, arbitrary file reads, full environment dumps, and building/pushing Docker images to a hardcoded registry. These are not obfuscated but are high-risk capabilities that can be abused for data exfiltration, remote code execution, and supply-chain leakage if the superuser authentication is compromised or misconfigured. The presence of a hardcoded remote image name for docker push is suspicious for unintended outbound artifact exfiltration. Recommendation: avoid including these endpoints in public packages or ensure strict, auditable authentication and input validation; remove hardcoded push targets and avoid returning full environment variables or arbitrary file contents.

The code is malicious and performs unauthorized data exfiltration of sensitive system and package information to a suspicious external server. It poses a high security risk and should be considered malware. The code is not obfuscated but is designed to stealthily leak data without user consent.

Live on npm for 9 minutes before removal. Socket users were protected even while the package was live.

The composer.json is highly suspicious and indicates high-risk malicious intent. It registers a Yii bootstrap class that will execute automatically and the package description explicitly states it reveals application information. Although no PHP source code is provided to prove active malicious functionality, the manifest creates a direct automatic execution capability and the declared intent matches common supply-chain malware patterns. Do not install or enable this package in production. If encountered in a dependency tree, treat it as compromised: remove it, audit for further indicators of compromise, and perform a full review of any installed package files in an isolated environment.

The code employs an embedded native library loaded at runtime through a Perl-based loader, exposing JSON data via an FFI interface. While this may enable modular functionality, it introduces significant supply-chain and runtime-security risks due to dynamic code execution, disk writes of executable payloads, and external interpreter dependencies. Unless the dylib is tightly audited, signed, and its loading is strictly controlled, this pattern is unsafe for long-term use. Consider eliminating the embedded payload approach in favor of a safe, statically linked, or clearly sandboxed plugin architecture with rigorous integrity checks.

[Skill Scanner] Natural language instruction to download and install from URL detected No explicit malicious code or obfuscation is present in the provided material; the package is a workflow/documentation for AI-assisted slide generation. The dominant security concern is the intended data flow to a third-party AI service: the documentation repeatedly instructs uploading local files and chaining attachments for style continuity, which creates a realistic risk of accidental exfiltration of sensitive or unpublished research artifacts. Operational best practices (avoid attaching confidential files, sanitize metadata, use secure credential handling, run in isolated environments) and verifying the remote provider’s data-retention/training policies are required to reduce risk. If used by automated agents with broad file-system access, the tooling increases the attack surface and should be constrained. LLM verification: This skill is not demonstrably malicious based on the provided text, but it presents moderate supply-chain and data-exfiltration risk because it encourages listing and attaching arbitrary local files and references a third-party key URL without documenting trusted endpoints or secure key handling. Recommendation: before use, require explicit user confirmations for each attachment, document and verify the exact service endpoints and owner, provide secure key-storage guidance, add warnings about u

This code fragment contains embedded malicious/update components. The SciChartUpdate.SciChartTestLib and WinX86/WinXComponents classes implement an updater/downloader that disables TLS validation, fetches encrypted executables from hard-coded remote endpoints, decrypts/unpacks them, and performs RunPE-style process injection into iexplore.exe to execute the payload. These behaviors are classic supply-chain/backdoor/malware patterns (remote code download, process hollowing, certificate validation bypass, background periodic polling). This is a high-severity supply-chain compromise; the package should not be used and any integrations should be considered compromised. Immediate actions: remove this package, block the decoded remote endpoints, and investigate systems where this library was installed for the downloader activity and execution traces.

The script is designed to send critical system information and environment variables to an external server, which is highly suspicious and indicative of malicious behavior.

Live on npm for 29 minutes before removal. Socket users were protected even while the package was live.

The code uses suspicious obfuscation by base64 encoding and eval execution. Although the decoded payload is benign, this pattern is a common vector for malware or hidden malicious behavior. The provided reports are invalid and unhelpful. The code poses a moderate security risk due to the use of eval on obfuscated data, which can lead to arbitrary code execution if modified. It is recommended to avoid such patterns and conduct further dynamic analysis if this code is part of a larger system.

Live on npm for 4 days, 6 hours and 13 minutes before removal. Socket users were protected even while the package was live.

This module contains clear capability to read an arbitrary local file (hardcoded path in main) and upload it to a remote Telegram chat using an embedded bot token and chat id. The embedded credential and automatic upload constitute a high risk of data exfiltration if the code is run or distributed. Treat the token as compromised, revoke it, and remediate by removing hardcoded secrets and adding authentication/confirmation and secure secret management before trusting or publishing this code.

This code is intentionally malicious: it harvests sensitive developer credentials (GITHUB_TOKEN from env and ghp_* tokens from common config files) and exfiltrates them to a hardcoded external OAST domain. The pattern (silent errors, searching multiple config files, direct curl exec) is consistent with credential-stealing supply-chain malware/backdoor. Immediate actions: remove the package, audit systems where it ran, rotate any exposed credentials (GitHub tokens), and investigate access to the listed OAST domain.