Secure your dependencies. Ship with confidence.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This skill is a high-risk offensive security capability for AI agents. Its purpose and capabilities are internally consistent, but that purpose is Windows privilege escalation, credential dumping, persistence, and evasion; this makes it dangerous by design and inappropriate for general agent deployment without strict human control and authorization boundaries.

The code includes legitimate-looking server utilities, but also contains functionality that fingerprints the host and exfiltrates local configuration and secrets (provider connections and API keys) to a remote CLOUD_URL when cloud syncing is enabled. This is a privacy-sensitive and potentially dangerous behavior if CLOUD_URL is uncontrolled or if the user is unaware. If intended (part of an opt-in cloud sync feature), document and secure consent; if not intended, consider it malicious/exfiltrative. Recommend auditing cloud endpoint, restricting what is sent, adding explicit opt-in and redaction of secrets, and reviewing exec/file access.

The install-time behavior itself is not directly executing remote code or obvious malware: it only sets executable permission on the packaged CLI. However, the package explicitly exposes modules and example scripts for cyber/real-cyber attacks and provides convenient demo commands to run them. This makes the package high-risk and potentially malicious or dual-use. If you intend to install or run its CLI/examples, inspect the source (especially dist/core/* and examples/*) carefully and avoid running the provided cyber demos on production or internet-connected systems.

This code enables privileged remote access (root SSH) and automatically exposes and publishes the connection endpoint to an external service. That combination creates a high-risk supply-chain/remote-access vector: it changes system configuration, sets root credentials, runs a third-party binary (ngrok) to tunnel SSH, and exfiltrates the public endpoint. Even though the fragment contains syntax errors and would need fixing to run, the intended behavior is dangerous. Treat this code as potentially malicious or at minimum as extremely risky for use in shared/cloud environments.

The snippet embodies a high-severity security risk: it accepts an opaque payload from an environment variable, deletes existing cryptographic material, and unpacks content into the home directory without integrity checks. This is characteristic of backdoor or cryptographic material manipulation vectors and should be blocked or tightly controlled (disable such payload channels, enforce signature verification, sandboxed execution, and restricted extraction destinations).

The code contains a highly suspicious dynamic code execution path guarded by a secret key, with heavy obfuscation and input-derived payload generation. This pattern is a strong indicator of potential backdoors or runtime tampering and represents a high security risk for a library intended for public use. Recommend removing dynamic evaluation or replacing with a secure, statically analyzable mechanism, and performing a thorough audit of how e and t are sourced in builds. If kept, require strict integrity checks and exposure minimization.

This module is explicitly designed to harvest Discord authentication tokens from a Windows machine by reading LevelDB data and decrypting DPAPI-protected blobs via PowerShell, plus probing the Windows Credential Manager for Discord entries. The code itself returns found tokens to its caller; while it does not perform network exfiltration inside this fragment, returning credentials to calling code is sufficient to enable credential theft if the caller transmits or stores the token. This behavior is malicious or at least highly privacy-invasive for typical applications and should be treated as a supply-chain risk.

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

This install script collects local environment and host-identifying information and sends it to an external server without user consent or visible purpose. This constitutes telemetry and possible data exfiltration. It poses a high security risk — the collected data can aid tracking, profiling, or targeted attacks. Treat this package as malicious or at minimum unsafe and avoid installing it without further investigation and explicit justification for this behavior.

This module is a cryptocurrency-mining application disguised as a “Math Quiz” UI. It delegates mining start/stop and persistence/consent behavior to the opt_in_miner crate, and it unconditionally calls miner.start() after initialization when configured wallet/sources are available. It also supports enabling Persistence::Save and provides unauthenticated runtime controls for CPU/thread usage and mining toggles. While this snippet shows no obfuscation or unsafe Rust constructs, the overall intent and control surface indicate a serious supply-chain/security risk consistent with cryptomining behavior.

The code poses a significant security risk as it downloads and executes an external executable without user consent or verification. This behavior is indicative of potential malware, as it could lead to unauthorized actions on the user's system.

Live on npm for 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

This file defines a large local dumpJSON array and then, unconditionally when imported, uses a hard-coded cookie (including a login_token JWT) plus static aiStudioUrl (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio) and datasetId to authenticate and issue fetch GET to /api/datasets/{datasetId}/documents?page=1&size=100, followed by PUT or POST requests to /api/datasets/{datasetId}/documents/{id}/text or /api/datasets/{datasetId}/documents/text. Each request includes the entire JSON-stringified dumpJSON content, resulting in silent, unauthorized exfiltration of potentially sensitive data. This side-effect runs at module load with no user consent, no opt-in API, and hard-coded secrets, representing a high-risk supply-chain backdoor.

The code contains suspicious behavior by sending Ethereum addresses derived from private keys to an unknown external server without user consent. This constitutes a privacy breach and potential data exfiltration. The base64 encoding of the URL indicates an attempt to obscure this behavior. While no direct malware such as system damage or credential theft is present, the data exfiltration is a significant security risk. The code is not obfuscated beyond the URL encoding. Overall, this package poses a moderate to high security risk and should be treated with caution.

The code collects and sends detailed system information to an external server without user consent, which is considered malicious behavior. This poses a high security risk due to potential unauthorized data transmission and privacy violations.

Live on npm for 12 days, 17 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This script is designed to exfiltrate sensitive information from the system to an external server, making it highly malicious and dangerous.

Live on npm for 4 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 13 days, 5 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This code fragment implements remote access/tunneling agent functionality: it accepts commands over a tunnel, can spawn an interactive shell piped to the remote side, and performs arbitrary filesystem operations (list, upload, mkdir, delete, rename, copy, move). Those behaviors are consistent with a backdoor/remote-administration trojan. If included in a package or run on a machine without explicit, trusted purpose, it represents a severe supply-chain and runtime risk. Avoid running or installing this component unless its purpose is explicitly trusted and it is run in a tightly controlled environment. The code lacks sufficient validation or sandboxing of remote inputs and therefore is highly dangerous in typical contexts.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The postinstall script executes TypeScript source in ./src/index.ts via ts-node at install time. This is potentially dangerous because it executes unreviewed code with user privileges and could perform data exfiltration, install backdoors, add git hooks, modify the system, or run arbitrary commands. You should inspect the contents of src/index.ts (and any files it loads or network endpoints it contacts) before installing. Prefer removing/disabling the postinstall hook or moving ts-node to devDependencies and performing build steps as part of CI rather than at install time.

This install script is malicious: it attempts to send host, user and the full environment (base64-encoded) to an external server during package installation. The presence of an insecure HTTP POST and additional HTTPS GET to an external domain, combined with the metadata text indicating compromise, makes this a high-risk data-exfiltration backdoor. Do not install this package; inspect systems where it was installed and rotate any exposed credentials.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

该代码在 removeSudoPassword() 中具有潜在的高风险后门行为：向 /etc/sudoers 写入免密码授权，若被滥用可获得广泛的系统控制权限。这构成明显的安全风险和恶意利用点，属于可用来进行持久化权限提升的重大漏洞。其余部分为正常的 CLI 工具功能，但需要对该隐患进行修复、移除或加入显式的权限审计和用户确认流程。

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 15 minutes before removal. Socket users were protected even while the package was live.

This skill is a high-risk offensive security capability for AI agents. Its purpose and capabilities are internally consistent, but that purpose is Windows privilege escalation, credential dumping, persistence, and evasion; this makes it dangerous by design and inappropriate for general agent deployment without strict human control and authorization boundaries.

The code includes legitimate-looking server utilities, but also contains functionality that fingerprints the host and exfiltrates local configuration and secrets (provider connections and API keys) to a remote CLOUD_URL when cloud syncing is enabled. This is a privacy-sensitive and potentially dangerous behavior if CLOUD_URL is uncontrolled or if the user is unaware. If intended (part of an opt-in cloud sync feature), document and secure consent; if not intended, consider it malicious/exfiltrative. Recommend auditing cloud endpoint, restricting what is sent, adding explicit opt-in and redaction of secrets, and reviewing exec/file access.

The install-time behavior itself is not directly executing remote code or obvious malware: it only sets executable permission on the packaged CLI. However, the package explicitly exposes modules and example scripts for cyber/real-cyber attacks and provides convenient demo commands to run them. This makes the package high-risk and potentially malicious or dual-use. If you intend to install or run its CLI/examples, inspect the source (especially dist/core/* and examples/*) carefully and avoid running the provided cyber demos on production or internet-connected systems.

This code enables privileged remote access (root SSH) and automatically exposes and publishes the connection endpoint to an external service. That combination creates a high-risk supply-chain/remote-access vector: it changes system configuration, sets root credentials, runs a third-party binary (ngrok) to tunnel SSH, and exfiltrates the public endpoint. Even though the fragment contains syntax errors and would need fixing to run, the intended behavior is dangerous. Treat this code as potentially malicious or at minimum as extremely risky for use in shared/cloud environments.

The snippet embodies a high-severity security risk: it accepts an opaque payload from an environment variable, deletes existing cryptographic material, and unpacks content into the home directory without integrity checks. This is characteristic of backdoor or cryptographic material manipulation vectors and should be blocked or tightly controlled (disable such payload channels, enforce signature verification, sandboxed execution, and restricted extraction destinations).

The code contains a highly suspicious dynamic code execution path guarded by a secret key, with heavy obfuscation and input-derived payload generation. This pattern is a strong indicator of potential backdoors or runtime tampering and represents a high security risk for a library intended for public use. Recommend removing dynamic evaluation or replacing with a secure, statically analyzable mechanism, and performing a thorough audit of how e and t are sourced in builds. If kept, require strict integrity checks and exposure minimization.

This module is explicitly designed to harvest Discord authentication tokens from a Windows machine by reading LevelDB data and decrypting DPAPI-protected blobs via PowerShell, plus probing the Windows Credential Manager for Discord entries. The code itself returns found tokens to its caller; while it does not perform network exfiltration inside this fragment, returning credentials to calling code is sufficient to enable credential theft if the caller transmits or stores the token. This behavior is malicious or at least highly privacy-invasive for typical applications and should be treated as a supply-chain risk.

The provided specification is a legitimate tool description for managing Feishu permissions and does not itself contain code-level indicators of malware, obfuscation, or backdoors. The main security risks are operational: acceptance and use of a high-privilege token without guidance on secure handling, and the absence of explicit API endpoints which creates uncertainty about where tokens/requests will be sent. Recommendations: keep the tool disabled by default; require explicit opt-in and documented network endpoints that must be verified to be official Feishu APIs; enforce least-privilege, short-lived tokens; implement logging redaction and audit trails; and perform code review on any implementation to ensure tokens are not logged, persisted insecurely, or proxied through third parties.

This install script collects local environment and host-identifying information and sends it to an external server without user consent or visible purpose. This constitutes telemetry and possible data exfiltration. It poses a high security risk — the collected data can aid tracking, profiling, or targeted attacks. Treat this package as malicious or at minimum unsafe and avoid installing it without further investigation and explicit justification for this behavior.

This module is a cryptocurrency-mining application disguised as a “Math Quiz” UI. It delegates mining start/stop and persistence/consent behavior to the opt_in_miner crate, and it unconditionally calls miner.start() after initialization when configured wallet/sources are available. It also supports enabling Persistence::Save and provides unauthenticated runtime controls for CPU/thread usage and mining toggles. While this snippet shows no obfuscation or unsafe Rust constructs, the overall intent and control surface indicate a serious supply-chain/security risk consistent with cryptomining behavior.

The code poses a significant security risk as it downloads and executes an external executable without user consent or verification. This behavior is indicative of potential malware, as it could lead to unauthorized actions on the user's system.

Live on npm for 3 hours and 55 minutes before removal. Socket users were protected even while the package was live.

This file defines a large local dumpJSON array and then, unconditionally when imported, uses a hard-coded cookie (including a login_token JWT) plus static aiStudioUrl (https://bbqa2t5pfyfroyobmzknmktshckzto4btkfagxyjqwy[.]did[.]abtnet[.]io/ai-studio) and datasetId to authenticate and issue fetch GET to /api/datasets/{datasetId}/documents?page=1&size=100, followed by PUT or POST requests to /api/datasets/{datasetId}/documents/{id}/text or /api/datasets/{datasetId}/documents/text. Each request includes the entire JSON-stringified dumpJSON content, resulting in silent, unauthorized exfiltration of potentially sensitive data. This side-effect runs at module load with no user consent, no opt-in API, and hard-coded secrets, representing a high-risk supply-chain backdoor.

The code contains suspicious behavior by sending Ethereum addresses derived from private keys to an unknown external server without user consent. This constitutes a privacy breach and potential data exfiltration. The base64 encoding of the URL indicates an attempt to obscure this behavior. While no direct malware such as system damage or credential theft is present, the data exfiltration is a significant security risk. The code is not obfuscated beyond the URL encoding. Overall, this package poses a moderate to high security risk and should be treated with caution.

The code collects and sends detailed system information to an external server without user consent, which is considered malicious behavior. This poses a high security risk due to potential unauthorized data transmission and privacy violations.

Live on npm for 12 days, 17 hours and 10 minutes before removal. Socket users were protected even while the package was live.

This script is designed to exfiltrate sensitive information from the system to an external server, making it highly malicious and dangerous.

Live on npm for 4 hours and 54 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and transmitting sensitive system information to an external server without user consent. This poses a high security risk and potential for data theft.

Live on npm for 13 days, 5 hours and 15 minutes before removal. Socket users were protected even while the package was live.

This code fragment implements remote access/tunneling agent functionality: it accepts commands over a tunnel, can spawn an interactive shell piped to the remote side, and performs arbitrary filesystem operations (list, upload, mkdir, delete, rename, copy, move). Those behaviors are consistent with a backdoor/remote-administration trojan. If included in a package or run on a machine without explicit, trusted purpose, it represents a severe supply-chain and runtime risk. Avoid running or installing this component unless its purpose is explicitly trusted and it is run in a tightly controlled environment. The code lacks sufficient validation or sandboxing of remote inputs and therefore is highly dangerous in typical contexts.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on pypi for 5 days, 5 hours and 33 minutes before removal. Socket users were protected even while the package was live.

The postinstall script executes TypeScript source in ./src/index.ts via ts-node at install time. This is potentially dangerous because it executes unreviewed code with user privileges and could perform data exfiltration, install backdoors, add git hooks, modify the system, or run arbitrary commands. You should inspect the contents of src/index.ts (and any files it loads or network endpoints it contacts) before installing. Prefer removing/disabling the postinstall hook or moving ts-node to devDependencies and performing build steps as part of CI rather than at install time.

This install script is malicious: it attempts to send host, user and the full environment (base64-encoded) to an external server during package installation. The presence of an insecure HTTP POST and additional HTTPS GET to an external domain, combined with the metadata text indicating compromise, makes this a high-risk data-exfiltration backdoor. Do not install this package; inspect systems where it was installed and rotate any exposed credentials.

Live on npm for 16 minutes before removal. Socket users were protected even while the package was live.

该代码在 removeSudoPassword() 中具有潜在的高风险后门行为：向 /etc/sudoers 写入免密码授权，若被滥用可获得广泛的系统控制权限。这构成明显的安全风险和恶意利用点，属于可用来进行持久化权限提升的重大漏洞。其余部分为正常的 CLI 工具功能，但需要对该隐患进行修复、移除或加入显式的权限审计和用户确认流程。