Secure your dependencies. Ship with confidence.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

This bundle contains clearly malicious behavior: it uses a widget settings field (secondary_color) as a covert channel to deliver a payload that, when present, will install MutationObservers that watch for deposit-related UI and transaction tables, then replace displayed/copy-target addresses with attacker-controlled addresses and hook the copy-to-clipboard action to write the attacker's address. That is a targeted supply-chain attack against financial pages (address replacement to steal funds). It also collects extensive fingerprinting metadata and sends it to the Freeday backend. Do not use this package; treat it as compromised and potentially actively malicious.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The fragment implements a hidden command interception/instrumentation hook that leverages dynamic evaluation and external otel.sh sourcing. While instrumentation can be legitimate for observability, the combination of dynamic eval, environment-driven control, and aliasing BusyBox indicates a strong potential for covert data collection, command manipulation, or backdoor-like behavior. Treat as a supply-chain risk unless there is strong assurance of trusted, auditable tooling and strict access controls in the deployment environment.

This file contains a function that processes an input message by printing it locally and sending it via an HTTP POST request to an external API endpoint (https://api.example.com/bot<TOKEN>/sendMessage?chat_id=<CHANNEL_ID>&text=<MESSAGE>). The function uses hardcoded sensitive credentials—a bot token and channel ID—which, if compromised, could allow an attacker to exfiltrate data from systems where the code is deployed. By automatically forwarding any given message to a predetermined external channel, the function establishes a covert channel for data leakage, presenting a significant security risk.

This code contains multiple clear malicious behaviors: automated account takeover and manipulation of Google accounts via remote browser control, exfiltration of browser profile data (cookies, history, stored credentials) by copying and uploading Chrome app data, and an explicit remote-code-execution vector (injected JS that fetches and executes Python from Firebase). It requires privileged device access (ADB, possibly root) and is designed to steal account/browser data and run arbitrary remote code. Do not run or include this package; treat it as malicious.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 11 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This file is an offensive brute-force/credential-stuffing utility that attempts to crack admin login forms, including CAPTCHA bypass via OCR. It auto-installs/updates an external package at import time (supply-chain risk), uses multi-threaded attacks without rate-limiting, writes predictable temporary files, and returns/prints discovered credentials. The code is malicious in purpose and dangerous to run; do not execute it. Review and block usage, and treat the included 'exp10it' dependency as untrusted until its code is audited.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The source code is collecting sensitive system information and sending it to an external server without user consent. This constitutes a serious security risk and is considered malicious behavior.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

The code contains a potentially risky shell command execution vulnerability that could be exploited for malicious purposes.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

This code is a control-plane component of a C2 framework (Sliver). It deliberately opens network listeners (including staging endpoints to serve payloads), and modifies system WireGuard configuration based on events. In a red-team or pentest environment with authorization this is expected behavior; in any other environment this is malicious functionality. The fragment contains no obfuscation or hidden credential harvesting, but its capabilities (staging, implant delivery, tunnel management) make it dangerous if deployed without authorization. Review and restrict usage to authorized environments and inspect other modules for any telemetry or exfiltration logic.

[Skill Scanner] Installation of third-party script detected No direct malware or obfuscated backdoor code was found in the provided documentation and examples. The Azure Event Grid SDK usage is consistent and benign. The AGI Framework Integration section, however, introduces additional components (memory_manager.py, Qdrant, nomic-embed-text, Ollama) that expand the skill's footprint and create a realistic risk of data leakage or credential exposure if users store sensitive event data or credentials in the memory/index systems or send sensitive content to external embedding/inference services. This is scope creep from a pure SDK doc and should be treated as 'suspicious' for supply-chain risk: review the memory_manager implementation, hosting/configuration of Qdrant and embedding services, and add explicit warnings and access controls before using the memory/storage features with production secrets. LLM verification: The provided documentation/examples are consistent with legitimate use of the Azure Event Grid SDK. No explicit malicious code or obfuscation is present. The main security concerns are expanded trust boundaries introduced by the AGI integration (memory/embeddings/orchestrator) and poor supply-chain hygiene (unpinned dependencies). These create realistic risks of accidental data exfiltration or dependency-based supply-chain compromise. Recommend pinning dependencies, treating embedding providers

This script implements a multi-threaded UDP flood tool that repeatedly sends 4KB UDP packets to the hardcoded target 8.8.8.8:53 until interrupted. It lacks rate limiting, validation, error handling, and proper cleanup. Targeting a public DNS server is abusive and can be used to perform denial-of-service attacks; running it against third-party infrastructure is unethical and may be illegal. The code is not obfuscated but is purpose-built to generate disruptive network traffic. Do not run this outside of an isolated, authorized test environment. Note: the provided fragment contains a syntax error (missing parenthesis) that must be fixed before execution.

Live on pypi for 13 hours and 24 minutes before removal. Socket users were protected even while the package was live.

This module contains a downloader that retrieves an executable from a hardcoded remote URL (obfuscated via base64), writes it into the user's profile directory as 'win32dll.exe', and launches it hidden. The behavior is strongly indicative of malicious dropper activity. There are deliberate-obfuscation and stealth techniques (string assembly, base64, CREATE_NO_WINDOW, suppressed exceptions). Do not run or import this code in a trusted environment; treat it as malicious and remove or quarantine the package.

Live on pypi for 7 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code is designed for tracking user interactions and managing GDPR compliance. However, it sends potentially sensitive data to a hardcoded API endpoint without clear user consent mechanisms, posing privacy risks. The domain's legitimacy should be verified to assess potential malicious intent.

Live on npm for 37 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Backtick command substitution detected The skill description is purpose-aligned and internally coherent: it describes building reusable Hugging Face API tooling with appropriate authentication guidance, reference implementations, and composable patterns. There are no malicious patterns detected in the provided content, and the data flow is limited to legitimate API access and local script orchestration. Security risk is present primarily in how tokens are used (environment variable) and should be mitigated by ensuring proper logging/privacy in real implementations. LLM verification: The skill fragment appears benign with respect to purpose, execution flow, and data handling. The main risk areas are standard credential hygiene and avoiding leakage of HF_TOKEN in logs or shell history. The documented backtick example is a documentation artifact rather than active code. Implementers should sanitize inputs and ensure credentials are not logged. Overall footprint aligns with the goal of Hugging Face API tool building.

This script silently collects the host machine's hostname (via os.hostname()) and an optional project identifier (from process.argv[2], defaulting to "unknown"), packages them into a JSON string, URL-encodes the result, and issues an HTTPS GET request to https://z0[.]rs/callback?msg=<payload>. It explicitly disables TLS certificate validation (rejectUnauthorized:false) and suppresses errors, enabling transmission of system information without user notification or consent. The disabled TLS verification exposes the data to potential man-in-the-middle interception. While the data collected is limited to hostname and project ID, this constitutes unauthorized telemetry that operates without user awareness or consent.

Live on npm for 9 days, 11 hours and 28 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The flagged file is a malicious data-exfiltration script. It gathers sensitive system details (os.homedir(), os.hostname(), os.userInfo().username, dns.getServers()), __dirname, and the entire package.json, serializes them into a URL-encoded payload, and issues an HTTPS POST to d1r8hatsvpalignumrvge6giibndmmmgg[.]oast[.]site. Comments reference burpcollaborator, Interactsh, and pipedream—common OAST/exploitation tools—and error output is suppressed to avoid detection. There is no legitimate purpose or user notification for this data collection and transmission.

Live on npm for 9 days, 5 hours and 13 minutes before removal. Socket users were protected even while the package was live.

This code provides clear backdoor-like functionality: unauthenticated remote command execution (child_process.exec driven by HTTP POST), predictable persistent configuration of a remote server in the user's home, and explicit file exfiltration capabilities (reading local files and POSTing them to the configured server). Combined with static file serving and file upload handling, this module can expose and extract local data and allow remote arbitrary command execution. Treat this module as high risk/malicious if encountered in third-party dependencies; it should not be run in untrusted environments and requires removal or sandboxing and further audit before any use.

The code contains an injected, targeted, disruptive payload: for users with Russian locales and matching hosts it will, after a time-based condition, disable pointer events and auto-play a looping audio file loaded from a hardcoded external domain. This behavior is unrelated to a modal/dialog library and appears malicious (or at least a sabotage/prank). Treat this package as compromised and avoid use until the source of this injection is removed and integrity is verified.

This bundle contains clearly malicious behavior: it uses a widget settings field (secondary_color) as a covert channel to deliver a payload that, when present, will install MutationObservers that watch for deposit-related UI and transaction tables, then replace displayed/copy-target addresses with attacker-controlled addresses and hook the copy-to-clipboard action to write the attacker's address. That is a targeted supply-chain attack against financial pages (address replacement to steal funds). It also collects extensive fingerprinting metadata and sends it to the Freeday backend. Do not use this package; treat it as compromised and potentially actively malicious.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The fragment implements a hidden command interception/instrumentation hook that leverages dynamic evaluation and external otel.sh sourcing. While instrumentation can be legitimate for observability, the combination of dynamic eval, environment-driven control, and aliasing BusyBox indicates a strong potential for covert data collection, command manipulation, or backdoor-like behavior. Treat as a supply-chain risk unless there is strong assurance of trusted, auditable tooling and strict access controls in the deployment environment.

This file contains a function that processes an input message by printing it locally and sending it via an HTTP POST request to an external API endpoint (https://api.example.com/bot<TOKEN>/sendMessage?chat_id=<CHANNEL_ID>&text=<MESSAGE>). The function uses hardcoded sensitive credentials—a bot token and channel ID—which, if compromised, could allow an attacker to exfiltrate data from systems where the code is deployed. By automatically forwarding any given message to a predetermined external channel, the function establishes a covert channel for data leakage, presenting a significant security risk.

This code contains multiple clear malicious behaviors: automated account takeover and manipulation of Google accounts via remote browser control, exfiltration of browser profile data (cookies, history, stored credentials) by copying and uploading Chrome app data, and an explicit remote-code-execution vector (injected JS that fetches and executes Python from Firebase). It requires privileged device access (ADB, possibly root) and is designed to steal account/browser data and run arbitrary remote code. Do not run or include this package; treat it as malicious.

[Skill Scanner] Pipe-to-shell or eval pattern detected (AITech 9.1.4) [CI013]

This file contains a concealed downloader/backdoor: an obfuscated IIFE decodes platform-specific shell commands that fetch and execute remote payloads (URLs embedded in byte arrays). Executing or importing this module will cause the host to run remote commands and possibly install/run binaries. Treat this package as malicious and a critical supply-chain threat — remove and do not run. Investigate systems where this version was installed for executed payloads and persistence.

Live on npm for 11 hours and 56 minutes before removal. Socket users were protected even while the package was live.

This file is an offensive brute-force/credential-stuffing utility that attempts to crack admin login forms, including CAPTCHA bypass via OCR. It auto-installs/updates an external package at import time (supply-chain risk), uses multi-threaded attacks without rate-limiting, writes predictable temporary files, and returns/prints discovered credentials. The code is malicious in purpose and dangerous to run; do not execute it. Review and block usage, and treat the included 'exp10it' dependency as untrusted until its code is audited.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

The source code is collecting sensitive system information and sending it to an external server without user consent. This constitutes a serious security risk and is considered malicious behavior.

Live on npm for 10 minutes before removal. Socket users were protected even while the package was live.

The code contains a potentially risky shell command execution vulnerability that could be exploited for malicious purposes.

The code presents a strong supply-chain and remote-execution risk by automatically downloading and executing remote Python payloads without integrity checks or sandboxing. It also creates and runs external services (Jupyter, Visdom, RStudio) based on user inputs, which can amplify impact if the remote payload is malicious. Mitigations include removing remote code execution paths, adding cryptographic verification (signatures or hash checks), isolating execution (sandboxes or containerization), validating inputs, and avoiding untrusted downloads or executions.

This code is a control-plane component of a C2 framework (Sliver). It deliberately opens network listeners (including staging endpoints to serve payloads), and modifies system WireGuard configuration based on events. In a red-team or pentest environment with authorization this is expected behavior; in any other environment this is malicious functionality. The fragment contains no obfuscation or hidden credential harvesting, but its capabilities (staging, implant delivery, tunnel management) make it dangerous if deployed without authorization. Review and restrict usage to authorized environments and inspect other modules for any telemetry or exfiltration logic.

[Skill Scanner] Installation of third-party script detected No direct malware or obfuscated backdoor code was found in the provided documentation and examples. The Azure Event Grid SDK usage is consistent and benign. The AGI Framework Integration section, however, introduces additional components (memory_manager.py, Qdrant, nomic-embed-text, Ollama) that expand the skill's footprint and create a realistic risk of data leakage or credential exposure if users store sensitive event data or credentials in the memory/index systems or send sensitive content to external embedding/inference services. This is scope creep from a pure SDK doc and should be treated as 'suspicious' for supply-chain risk: review the memory_manager implementation, hosting/configuration of Qdrant and embedding services, and add explicit warnings and access controls before using the memory/storage features with production secrets. LLM verification: The provided documentation/examples are consistent with legitimate use of the Azure Event Grid SDK. No explicit malicious code or obfuscation is present. The main security concerns are expanded trust boundaries introduced by the AGI integration (memory/embeddings/orchestrator) and poor supply-chain hygiene (unpinned dependencies). These create realistic risks of accidental data exfiltration or dependency-based supply-chain compromise. Recommend pinning dependencies, treating embedding providers

This script implements a multi-threaded UDP flood tool that repeatedly sends 4KB UDP packets to the hardcoded target 8.8.8.8:53 until interrupted. It lacks rate limiting, validation, error handling, and proper cleanup. Targeting a public DNS server is abusive and can be used to perform denial-of-service attacks; running it against third-party infrastructure is unethical and may be illegal. The code is not obfuscated but is purpose-built to generate disruptive network traffic. Do not run this outside of an isolated, authorized test environment. Note: the provided fragment contains a syntax error (missing parenthesis) that must be fixed before execution.

Live on pypi for 13 hours and 24 minutes before removal. Socket users were protected even while the package was live.

This module contains a downloader that retrieves an executable from a hardcoded remote URL (obfuscated via base64), writes it into the user's profile directory as 'win32dll.exe', and launches it hidden. The behavior is strongly indicative of malicious dropper activity. There are deliberate-obfuscation and stealth techniques (string assembly, base64, CREATE_NO_WINDOW, suppressed exceptions). Do not run or import this code in a trusted environment; treat it as malicious and remove or quarantine the package.

Live on pypi for 7 hours and 36 minutes before removal. Socket users were protected even while the package was live.

The code is designed for tracking user interactions and managing GDPR compliance. However, it sends potentially sensitive data to a hardcoded API endpoint without clear user consent mechanisms, posing privacy risks. The domain's legitimacy should be verified to assess potential malicious intent.

Live on npm for 37 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Backtick command substitution detected The skill description is purpose-aligned and internally coherent: it describes building reusable Hugging Face API tooling with appropriate authentication guidance, reference implementations, and composable patterns. There are no malicious patterns detected in the provided content, and the data flow is limited to legitimate API access and local script orchestration. Security risk is present primarily in how tokens are used (environment variable) and should be mitigated by ensuring proper logging/privacy in real implementations. LLM verification: The skill fragment appears benign with respect to purpose, execution flow, and data handling. The main risk areas are standard credential hygiene and avoiding leakage of HF_TOKEN in logs or shell history. The documented backtick example is a documentation artifact rather than active code. Implementers should sanitize inputs and ensure credentials are not logged. Overall footprint aligns with the goal of Hugging Face API tool building.

This script silently collects the host machine's hostname (via os.hostname()) and an optional project identifier (from process.argv[2], defaulting to "unknown"), packages them into a JSON string, URL-encodes the result, and issues an HTTPS GET request to https://z0[.]rs/callback?msg=<payload>. It explicitly disables TLS certificate validation (rejectUnauthorized:false) and suppresses errors, enabling transmission of system information without user notification or consent. The disabled TLS verification exposes the data to potential man-in-the-middle interception. While the data collected is limited to hostname and project ID, this constitutes unauthorized telemetry that operates without user awareness or consent.

Live on npm for 9 days, 11 hours and 28 minutes before removal. Socket users were protected even while the package was live.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

The flagged file is a malicious data-exfiltration script. It gathers sensitive system details (os.homedir(), os.hostname(), os.userInfo().username, dns.getServers()), __dirname, and the entire package.json, serializes them into a URL-encoded payload, and issues an HTTPS POST to d1r8hatsvpalignumrvge6giibndmmmgg[.]oast[.]site. Comments reference burpcollaborator, Interactsh, and pipedream—common OAST/exploitation tools—and error output is suppressed to avoid detection. There is no legitimate purpose or user notification for this data collection and transmission.

Live on npm for 9 days, 5 hours and 13 minutes before removal. Socket users were protected even while the package was live.

This code provides clear backdoor-like functionality: unauthenticated remote command execution (child_process.exec driven by HTTP POST), predictable persistent configuration of a remote server in the user's home, and explicit file exfiltration capabilities (reading local files and POSTing them to the configured server). Combined with static file serving and file upload handling, this module can expose and extract local data and allow remote arbitrary command execution. Treat this module as high risk/malicious if encountered in third-party dependencies; it should not be run in untrusted environments and requires removal or sandboxing and further audit before any use.