Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

github.com/bishopfox/sliver

v1.5.40-0.20240117221112-d9db5752c12d

Live on go

Blocked by Socket

This source file implements a network pivot/listener component of the Sliver implant framework, enabling encrypted peer-to-peer pivoting and forwarding of protobuf-based C2 envelopes. Behavior is consistent with a remote control implant component and therefore presents high security risk in most benign deployment contexts (it is explicitly an implant/C2 artifact). The code itself does not show obfuscation or obvious credential harvesting beyond normal C2 functionality, but it forwards potentially arbitrary data upstream and downstream which can be used for command-and-control and data exfiltration. Use of this code in a project should be considered malicious unless the package is intentionally used in an offensive security context with appropriate authorization.

villager

0.1.dev20

Live on pypi

Blocked by Socket

No explicit malware (no remote shell, no obfuscation, no code injection). However, there is a significant supply-chain/privacy/credential risk: a hardcoded proxy URL with embedded credentials is set and used (via DI) to route requests to an external host, and the script actively accesses local cameras and logs system information. This could enable data leakage or misuse if the proxy host is malicious. Recommend removing hardcoded credentials, avoid enabling camera checks by default, add request timeouts, and avoid logging sensitive system data.

dana

0.6.0.1

Live on pypi

Blocked by Socket

This module itself contains no obvious hidden backdoor or obfuscated malicious payload, but it intentionally executes external Python files found under multiple search paths (including user-writable locations like the current working directory and user home). That design introduces a high-risk supply-chain/plugin execution vector: untrusted plugin files named <domain>.py or package directories can run arbitrary code via exec_module and class instantiation. Recommend treating plugins from those paths as untrusted, restricting or validating plugin locations, using cryptographic signing or checksum verification, or executing plugins in an isolated process. Do not place sensitive credentials or run as privileged user when plugin discovery paths include writable directories.

accept-requests

1.3.9

by accept-requests

Live on npm

Blocked by Socket

This file contains a high-confidence malicious backdoor: an unconditional runtime HTTP fetch of JavaScript from a hardcoded external URL followed by eval() of the fetched content. That pattern enables remote arbitrary code execution in any process that requires this module and constitutes a critical supply-chain compromise. The remainder of the file implements a benign Accepts helper, but the injected fetch+eval must be treated as malicious. Remove the module, revert to a trusted version, and perform wide security remediation and secret rotation.

lariat-run

0.1.76

Live on pypi

Blocked by Socket

This module implements active runtime modification of mlflow serving behavior and includes a clear data-exfiltration step: PatchedPyFuncModel.predict sends model-derived data to Datadog using a hardcoded API key. The module also runs shell commands to create conda environments, pip-install packages at serve time, and injects build-time hooks into container images to persist patches. These behaviors are high-risk for supply-chain/side-loading attacks and unauthorized data exfiltration. Do not trust or use this package without thorough review and removal of the network exfiltration (or replacing the hardcoded key), restricting environment/package installation behavior, and validating all model artifacts. The code appears intentionally modifying runtime behavior to persist the patch and to send data externally; treat as malicious/untrusted in most deployment scenarios.

libffi-dev

1.0.0

by qeudj877frm

Removed from npm

Blocked by Socket

This package executes a postinstall script which may perform privileged or persistent changes. Combined with the stated purpose of bypassing SSL verification and the misleading package name, this is high-risk: it could weaken TLS security, enable interception of sensitive data, or perform other malicious actions. Inspect src/postinstall.js before installing; treat this package as untrusted until proven safe.

Live on npm for 23 hours and 18 minutes before removal. Socket users were protected even while the package was live.

is24-desktop

19.0.0

by backtorealll

Removed from npm

Blocked by Socket

This script is attempting to create a reverse shell connection to the IP address 85.74.125.91 on port 18888. This behavior is highly suspicious and indicates malicious intent.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

aoi.fb

5.2.6-dev

by gr_dev

Live on npm

Blocked by Socket

The code contains a critical supply chain security risk due to the immediate execution of an unknown shell script 'att.sh' on module import, combined with a suspicious HTTP version check to an uncommon domain. These behaviors justify a high security risk and malware suspicion score. No obfuscation is present, but the arbitrary shell execution is a severe red flag. The package should be treated as potentially malicious and avoided until the external script and network endpoints are fully audited.

widget-presale

1.0.14

by peterweb3dev

Live on npm

Blocked by Socket

The code captures user data, specifically 'window.location.href' (current page URL) and 'window.navigator.userAgent' (browser and device information), and sends this information via an axios POST request to an external API endpoint constructed from environment variables (e.g., 'process.env.NEXT_PUBLIC_TELEGRAM_API', 'process.env.NEXT_PUBLIC_TELEGRAM_BOT_TOKEN', 'process.env.NEXT_PUBLIC_TELEGRAM_CHAT_ID') without user consent. The unauthorized transmission of sensitive user information to an external entity could compromise user privacy. Additionally, the code structure is convoluted and contains unnecessary dynamic calls, suggesting an attempt to conceal its true functionality.

@jumpstart-ui/utils

8.647.0

by hvitor

Live on npm

Blocked by Socket

This file conditionally reads system environment variables and sends them, in base64-encoded form, to an external domain (eo2x6z3vtvxheqc[.]m[.]pipedream[.]net) when certain conditions are met. The behavior is indicative of intentional data exfiltration and poses a significant security risk.

sixth-python

0.2.3

Live on pypi

Blocked by Socket

High-confidence malicious stager: the file immediately decodes and execs an embedded payload at import. This is a high-risk supply-chain indicator (dropper/backdoor behavior). Do not install or import. Treat the package as malicious and quarantine for full sandbox analysis of the decoded payload.

dnszlsk/muad-dib

7a946764a950dea03cd1488094b0631f1c3cf8e7

Live on actions

Blocked by Socket

This file implements a covert remote agent: it collects persistent host identifiers and environment details, sends them (encrypted with a hardcoded AES key/IV) to a remote server at api.npm-statistics.com, and will decrypt and execute any code the server returns. That is effectively a remote code execution backdoor and telemetry exfiltration mechanism. Treat this package as malicious; it should not be used. Immediate remediation: remove from supply chain, audit upstream (registry/package) and all consumers, rotate any credentials that may have been exposed on hosts that executed this code, and investigate machines with this package present.

meutils

2025.9.18.19.23.53

Live on pypi

Blocked by Socket

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

madliar

0.1a1.dev1099

Live on pypi

Blocked by Socket

This module contains high-risk behavior: it builds and executes Python source code derived from template contents and includes/extends filenames without proper sanitization or sandboxing. That creates straightforward template injection and local file read/exfiltration attack vectors. The presence of implementation bugs does not mitigate the fundamental insecurity; rather, it increases unpredictability. Treat this code as dangerous for untrusted templates and prioritize using a well-maintained, sandboxed template engine (e.g., jinja2) or fix by removing exec usage and strictly sanitizing/limiting evaluated expressions.

fatest-distube

5.0.2

by fatest-distube

Live on npm

Blocked by Socket

The source code poses a significant security risk as it downloads and executes an external executable file without any validation. This behavior is highly suspicious and typical of malware.

github.com/whrwsoftware/panelbase

v0.0.1-beta5

Live on go

Blocked by Socket

This code fragment contains explicit, unconditional destructive shell commands that stop and remove PHP-FPM, delete APT repository configuration, refresh package metadata, and remove an nginx PHP config file. Embedded in a package, these commands present a high-risk sabotage behavior (denial-of-service to PHP services and removal of configuration). There is no benign justification visible (no prompts, checks, or backups). Do not execute; isolate, remove the package, and investigate its provenance and any postinstall/uninstall hooks that could run these commands.

354766/1nfsh-s0/skills/linkedin-content/

6cb576328581eafd4abf0a2fb791e35f30bcee0f

Live on socket

Blocked by Socket

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] This skill appears functionally benign and internally consistent: it documents LinkedIn content best practices and uses a hosted CLI (inference.sh) and hosted inference/image apps to implement the examples. No direct malicious code is present in the provided text. The primary security concerns are supply-chain and privacy: (1) the recommended install pattern (curl | sh) is risky unless users verify checksums, and (2) user content and authentication credentials will be sent to inference.sh and any configured third-party model providers (exposure depends on those providers' trustworthiness). Recommend verifying SHA-256 checksums before install, reviewing the CLI source or binary provenance, and treating any secrets/credentials cautiously (use least-privilege tokens). LLM verification: Overall, the skill's stated purpose (LinkedIn content generation via an external CLI) is technically coherent with its implementation. However, the install/execution approach (curl | sh to fetch and run remote binaries) is a high-risk pattern that undermines trust, introduces potential supply-chain risk, and broadens the security footprint beyond the simple content-generation scope. Given the dynamic execution path and reliance on an external tool, this is SUSPICIOUS to HIGHLY SUSPICIOUS for a s

lavavu

1.8.83

Removed from pypi

Blocked by Socket

This code implements an unauthenticated HTTP control surface for a viewer object that accepts arbitrary commands from request paths and bodies, dynamically looks up and calls attributes on internal objects, loads JSON from requests and triggers callbacks, and serves local files. These behaviors make it high risk for supply-chain or runtime compromise: untrusted clients can invoke methods and mutate state which could lead to data exfiltration, filesystem access, or other damaging actions depending on the viewer's API. It should not be exposed to untrusted networks or used without strict authentication/authorization and input validation.

Live on pypi for 9 hours and 19 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.5.48

Live on pypi

Blocked by Socket

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

bane

3.0.3

Live on pypi

Blocked by Socket

This module is a DDoS/DoS toolkit implementing many network attack vectors (floods, amplification, spoofing, proxy/TOR routing, Cloudflare bypass). It is intentionally malicious: designed to send large volumes of traffic, craft spoofed raw packets, use proxies and TOR to obfuscate origin, and bypass protections. It should be treated as malware and removed; do not install or run this package. If found as a dependency in a project, consider it a severe supply-chain compromise and take remediation steps (remove dependency, audit systems where it was installed, rotate credentials, check for persistence).

recharts-smart

1.2.12

by david0604

Live on npm

Blocked by Socket

The code initiates a detached child process that runs an external script (`smtp-connection/index.js`) with its I/O streams ignored. This pattern is suspicious as it can be used to execute code in the background without direct visibility or control from the parent process. While it could be for legitimate background operations, the combination of detachment, ignored I/O, and unreferencing the child process raises concerns about potential hidden malicious activity, such as data exfiltration or establishing persistent connections.

pinokiod

0.1.58

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

pinokiod

1.2.35

by cocktailpeanut

Live on npm

Blocked by Socket

The codebase exhibits critical security flaws primarily due to user-controlled deserialization that can instantiate and execute arbitrary JavaScript (new Function from client data), coupled with forking a worker process using unvalidated input and elevated privileged actions. This creates a strong potential for remote code execution, privilege escalation, and data/system compromise. Immediate remediation should include removing dynamic Function usage from client data, validating and strictly sandboxing worker executions, eliminating or tightly restricting sudo-elevated commands invoked from HTTP requests, and hardening path handling and input validation. A thorough review of worker.js and all isomorphic/gateway endpoints is essential, and security controls should be added to avoid exporting internal state or sensitive data to clients.

elf-stats-snowy-northstar-860

1.0.0

by pepito00

Live on npm

Blocked by Socket

This install script causes local JavaScript (index.js) to run automatically on install. That behavior is potentially dangerous and should be treated as suspicious until the contents of index.js are inspected. Given the automated generation note and automatic execution, there's a moderate-to-high risk of malicious activity (telemetry, exfiltration, backdoor).


elf-stats-snowy-northstar-860

1.0.0

by pepito00

Live on npm

Blocked by Socket

This install script causes local JavaScript (index.js) to run automatically on install. That behavior is potentially dangerous and should be treated as suspicious until the contents of index.js are inspected. Given the automated generation note and automatic execution, there's a moderate-to-high risk of malicious activity (telemetry, exfiltration, backdoor).

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

54 more alerts →

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
