Secure your dependencies. Ship with confidence.

The code is obfuscated but appears to implement login and token-update network calls using axios, read process.env.REMOTE_ID and call back with the login data. I found no evidence of active malware (no eval, no shell spawning, no file corruption, no arbitrary remote exfiltration). Notable concerns: heavy string obfuscation (reduces auditability), a hardcoded renewal URL that should be validated, and the module calling process.exit(1) on TokenExpiredError which can unexpectedly terminate a host process. Reviewers should verify the axiosConfig base URL and the renewal domain before trusting the package.

Live on npm for 1 day, 6 hours and 41 minutes before removal. Socket users were protected even while the package was live.

The fragment contains significant dynamic code execution vectors and an embedded base64 payload intended to be loaded as a Worker. The combination of eval-based code loading (getParserModuleExports, compileGrammar flows) and a large embedded base64 payload used to instantiate a Worker indicates potential execution of arbitrary code at runtime. In a package, this is a serious supply-chain and runtime risk if inputs or dependencies are not strictly trusted. The code appears designed to enable on-the-fly code generation and execution, which, if exposed to untrusted grammar or livecode payloads, could be leveraged for malicious actions (remote code execution, data exfiltration, or backdoors). The embedded base64 payload and dynamic eval/Worker usage are the primary risk signals. Recommended mitigations include avoiding eval for untrusted inputs, sandboxing or precompiling grammars, auditing the base64 payload source, restricting inputs to trusted sources, and replacing dynamic code generation with safer, constrained interpreters or compilers.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

This module performs a straightforward CSV-to-Postgres upload but contains a high-risk anomaly: it transparently sends the supplied database password to a hardcoded external IP (3.21.144.229) via psycopg2.connect while also connecting to the user-specified host via SQLAlchemy. That behavior effectively leaks credentials to an unexpected host and is consistent with credential exfiltration (or a critical developer mistake). Additional risks: dynamic SQL in read_table (SQL injection), unconditional DROP/CREATE (destructive), lack of TLS/secure connection options, and no input validation or error handling. Remediation: remove or correct the hardcoded connection, avoid embedding credentials in strings (use environment-secured credentials or parameterized config), enforce TLS, validate/sanitize table names or use parameterized queries, add error handling and least-privilege DB users. Treat code as unsafe until fixed.

The best-supported interpretation from all three reports is that this snippet is intended to remove/disrupt a networking/service component: it deletes a network interface, performs an authenticated DELETE against a local admin API to remove a node entry, overwrites sensitive network configuration, deletes a token, and then executes a privileged Go removal routine. The hardcoded bearer credential and `sudo go run ./main.go` pattern are strong security red flags. Even if this could be legitimate administrative deprovisioning, it is high-risk automation without verification/controls, and the unreviewed `main.go` is an unresolved supply-chain execution sink.

This code is outright malicious. It exfiltrates environment tokens to a hardcoded external endpoint and, if no tokens are found, runs a destructive rm -rf on the user's home directory. Treat as high-risk malware: do not install or run. If executed, assume secrets are compromised and perform credential rotation and forensic/restore actions.

The code programmatically creates a tor configuration, writes it to /tmp, and launches the system 'tor' process, exposing local services (SSH, HTTP/HTTPS) as hidden services and opening a ControlPort bound to all interfaces. This behaviour is high-risk in deployment: hardcoded hashed control password, ControlPort on 0.0.0.0, HiddenServiceDir in /tmp, and mapping of sensitive ports all elevate the chance of misuse or compromise. The code does not appear to be intentionally obfuscated or obviously malicious, but it performs privileged network-exposing actions that could facilitate abuse or accidental exposure. Recommend careful review before use: remove hardcoded secrets, avoid binding ControlPort to 0.0.0.0, use a secure directory for HiddenServiceDir, and add lifecycle and permission checks. If the intent is not to expose local SSH/HTTP over Tor, do not use.

This code implements an in-memory execution/infection helper: it compiles and emits a small Rust program that uses memfd_create and fexecve to load and execute ELF bytes provided at runtime, and can fork+detach to execute additional payloads. Those behaviors are powerful and can be used for malicious purposes (stealthy payload execution, in-memory loaders). The code is intentionally invasive and should be treated as high-risk. Use only in trusted contexts and avoid including it in general dependency trees. If you did not expect an infecting/injector utility in this package, treat it as malicious.

The selected analysis (Report 3) presents the most coherent and focused assessment of FounderForge’s security posture, emphasizing clear phase-gating, local artifact storage, and minimal direct credential risk. While the workflow is largely benign, multiple reports converge on a medium-level risk stemming from external web-search integrations and multi-agent data flows. The improved assessment recommends explicit data-handling policies, prompt hygiene, and auditing to reduce data leakage risk and enhance trust in the automation pipeline.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill is documentation for the RivetKit React client with usage examples. It does not contain hidden or malicious code. The only notable security issue is the recommended URL-auth endpoint form (https://namespace:token@api.rivet.dev) which, while supported, can lead to accidental credential leakage in browsers or logs; developers should prefer environment variables or other safer methods in client-side contexts. No evidence of credential harvesting, obfuscated code, or exfiltration to suspicious third parties was found.

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

The provided file is a modified/tampered SweetAlert2 bundle containing a malicious payload: a locale- and host-targeted, delayed activation that disables page interaction and autoplays a looping audio file loaded from a third-party domain. This is a clear supply-chain compromise or malicious insertion. Immediate actions: do NOT use this package version; remove it from deployments; audit package integrity (compare with official upstream release, verify checksums/signatures); rotate any secrets that may have been exposed in environments where this version was deployed; notify maintainers and users. Replace with a clean, verified release and investigate how the compromise occurred.

This module contains a high-risk remote administration/backdoor pattern: it exposes a TCP-accessible Node REPL (conditioned on PORT_REPL), routes incoming socket data into REPL evaluation, and includes REPL commands that execute host shell commands using child_process.spawn with shell:true derived directly from REPL input. It also forwards stdout to the TCP client, enabling data/command output exfiltration. The surrounding storage/DB code increases manipulation and persistence but the critical threat is the networked REPL + shell execution path.

This source file is a core component of a remote C2 implant (Sliver) providing pivot management and proxied I/O. Its purpose (enabling pivoting and communication with a remote controller) is malicious in typical benign-supply-chain contexts and it should be treated as high-risk. Additionally, the code contains robustness and security issues (nil dereferences, unchecked err usage, trusting remote length fields, inadequate error handling and no timeouts) that increase the risk of crashes or resource exhaustion. If present as a dependency in otherwise benign software, assume compromise and remove unless inclusion is explicitly intended and authorized.

This module implements covert data exfiltration: it accepts an input string and sends it to a hardcoded external Discord webhook. Behavior is malicious in practice (credential or secret theft potential). Treat as compromise/backdoor, remove and audit callers and rotate any potentially leaked credentials.

Live on npm for 4 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and sending sensitive system data to a remote server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 3 days and 17 minutes before removal. Socket users were protected even while the package was live.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code implements anti-debugging and anti-analysis checks and will terminate the process if it detects instrumentation, debuggers, or anomalous timing. I found no evidence in this fragment of data exfiltration, backdoor creation, network communication, credential harvesting, or direct destructive actions. However, anti-analysis behaviors are commonly used by malware to evade detection; this raises suspicion but is not proof of malicious payload by itself. Because the snippet is obfuscated and appears truncated, further review of the full package is recommended before trusting it.

Live on pypi for 6 days, 17 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

This module programmatically extracts and decrypts Chrome cookies on macOS by reading the Chrome Local State, copying the Cookies DB, retrieving the Chrome Safe Storage password from the macOS Keychain, deriving the decryption key, querying the DB with sqlite3, and decrypting cookie blobs. While similar code can be legitimate for automation or testing, its capabilities (keychain access, cookie DB copy, decryption to plaintext) are high-risk and commonly abused for credential theft. The code also creates an unprotected temporary DB copy and uses execSync with interpolated inputs (potential shell injection). Treat this module as sensitive: only use in trusted contexts and avoid running it in environments with untrusted inputs. If you did not expect cookie extraction behavior, do not install or run it.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This script invokes xmrig.exe to perform a cryptomining benchmark using the --bench=1M and --submit parameters, potentially submitting results over the network. Unauthorized execution can consume system resources for mining and send data externally without user consent, making it a malicious threat.

This code includes a high-risk dynamic code execution path: remote configuration responses can include a script string that the client constructs via new Function(...) and immediately executes. Combined with periodic polling and persistence to localStorage, this constitutes a supply-chain/execution backdoor allowing server-controlled arbitrary JS to run in users' browsers. Unless the remote endpoint and scripts are fully trusted and protected (signed, restricted), this is dangerous. Recommend removing runtime script execution (new Function) or adding strict verification (digital signatures, checksum, origin checks), prompt/consent before execution, and auditing the remote config service. The bundled UI code otherwise appears standard.

The code is obfuscated but appears to implement login and token-update network calls using axios, read process.env.REMOTE_ID and call back with the login data. I found no evidence of active malware (no eval, no shell spawning, no file corruption, no arbitrary remote exfiltration). Notable concerns: heavy string obfuscation (reduces auditability), a hardcoded renewal URL that should be validated, and the module calling process.exit(1) on TokenExpiredError which can unexpectedly terminate a host process. Reviewers should verify the axiosConfig base URL and the renewal domain before trusting the package.

Live on npm for 1 day, 6 hours and 41 minutes before removal. Socket users were protected even while the package was live.

The fragment contains significant dynamic code execution vectors and an embedded base64 payload intended to be loaded as a Worker. The combination of eval-based code loading (getParserModuleExports, compileGrammar flows) and a large embedded base64 payload used to instantiate a Worker indicates potential execution of arbitrary code at runtime. In a package, this is a serious supply-chain and runtime risk if inputs or dependencies are not strictly trusted. The code appears designed to enable on-the-fly code generation and execution, which, if exposed to untrusted grammar or livecode payloads, could be leveraged for malicious actions (remote code execution, data exfiltration, or backdoors). The embedded base64 payload and dynamic eval/Worker usage are the primary risk signals. Recommended mitigations include avoiding eval for untrusted inputs, sandboxing or precompiling grammars, auditing the base64 payload source, restricting inputs to trusted sources, and replacing dynamic code generation with safer, constrained interpreters or compilers.

The code exhibits clear signs of malicious behavior involving data theft and exfiltration. It encodes and sends sensitive system and user data to a suspicious domain via both DNS queries and HTTPS POST requests.

Live on npm for 38 minutes before removal. Socket users were protected even while the package was live.

This module performs a straightforward CSV-to-Postgres upload but contains a high-risk anomaly: it transparently sends the supplied database password to a hardcoded external IP (3.21.144.229) via psycopg2.connect while also connecting to the user-specified host via SQLAlchemy. That behavior effectively leaks credentials to an unexpected host and is consistent with credential exfiltration (or a critical developer mistake). Additional risks: dynamic SQL in read_table (SQL injection), unconditional DROP/CREATE (destructive), lack of TLS/secure connection options, and no input validation or error handling. Remediation: remove or correct the hardcoded connection, avoid embedding credentials in strings (use environment-secured credentials or parameterized config), enforce TLS, validate/sanitize table names or use parameterized queries, add error handling and least-privilege DB users. Treat code as unsafe until fixed.

The best-supported interpretation from all three reports is that this snippet is intended to remove/disrupt a networking/service component: it deletes a network interface, performs an authenticated DELETE against a local admin API to remove a node entry, overwrites sensitive network configuration, deletes a token, and then executes a privileged Go removal routine. The hardcoded bearer credential and `sudo go run ./main.go` pattern are strong security red flags. Even if this could be legitimate administrative deprovisioning, it is high-risk automation without verification/controls, and the unreviewed `main.go` is an unresolved supply-chain execution sink.

This code is outright malicious. It exfiltrates environment tokens to a hardcoded external endpoint and, if no tokens are found, runs a destructive rm -rf on the user's home directory. Treat as high-risk malware: do not install or run. If executed, assume secrets are compromised and perform credential rotation and forensic/restore actions.

The code programmatically creates a tor configuration, writes it to /tmp, and launches the system 'tor' process, exposing local services (SSH, HTTP/HTTPS) as hidden services and opening a ControlPort bound to all interfaces. This behaviour is high-risk in deployment: hardcoded hashed control password, ControlPort on 0.0.0.0, HiddenServiceDir in /tmp, and mapping of sensitive ports all elevate the chance of misuse or compromise. The code does not appear to be intentionally obfuscated or obviously malicious, but it performs privileged network-exposing actions that could facilitate abuse or accidental exposure. Recommend careful review before use: remove hardcoded secrets, avoid binding ControlPort to 0.0.0.0, use a secure directory for HiddenServiceDir, and add lifecycle and permission checks. If the intent is not to expose local SSH/HTTP over Tor, do not use.

This code implements an in-memory execution/infection helper: it compiles and emits a small Rust program that uses memfd_create and fexecve to load and execute ELF bytes provided at runtime, and can fork+detach to execute additional payloads. Those behaviors are powerful and can be used for malicious purposes (stealthy payload execution, in-memory loaders). The code is intentionally invasive and should be treated as high-risk. Use only in trusted contexts and avoid including it in general dependency trees. If you did not expect an infecting/injector utility in this package, treat it as malicious.

The selected analysis (Report 3) presents the most coherent and focused assessment of FounderForge’s security posture, emphasizing clear phase-gating, local artifact storage, and minimal direct credential risk. While the workflow is largely benign, multiple reports converge on a medium-level risk stemming from external web-search integrations and multi-agent data flows. The improved assessment recommends explicit data-handling policies, prompt hygiene, and auditing to reduce data leakage risk and enhance trust in the automation pipeline.

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill is documentation for the RivetKit React client with usage examples. It does not contain hidden or malicious code. The only notable security issue is the recommended URL-auth endpoint form (https://namespace:token@api.rivet.dev) which, while supported, can lead to accidental credential leakage in browsers or logs; developers should prefer environment variables or other safer methods in client-side contexts. No evidence of credential harvesting, obfuscated code, or exfiltration to suspicious third parties was found.

The code contains a security risk due to the lack of input validation and sanitization, potentially leading to unauthorized actions or misuse. There are no clear indications of obfuscation or malware in this code.

The provided file is a modified/tampered SweetAlert2 bundle containing a malicious payload: a locale- and host-targeted, delayed activation that disables page interaction and autoplays a looping audio file loaded from a third-party domain. This is a clear supply-chain compromise or malicious insertion. Immediate actions: do NOT use this package version; remove it from deployments; audit package integrity (compare with official upstream release, verify checksums/signatures); rotate any secrets that may have been exposed in environments where this version was deployed; notify maintainers and users. Replace with a clean, verified release and investigate how the compromise occurred.

This module contains a high-risk remote administration/backdoor pattern: it exposes a TCP-accessible Node REPL (conditioned on PORT_REPL), routes incoming socket data into REPL evaluation, and includes REPL commands that execute host shell commands using child_process.spawn with shell:true derived directly from REPL input. It also forwards stdout to the TCP client, enabling data/command output exfiltration. The surrounding storage/DB code increases manipulation and persistence but the critical threat is the networked REPL + shell execution path.

This source file is a core component of a remote C2 implant (Sliver) providing pivot management and proxied I/O. Its purpose (enabling pivoting and communication with a remote controller) is malicious in typical benign-supply-chain contexts and it should be treated as high-risk. Additionally, the code contains robustness and security issues (nil dereferences, unchecked err usage, trusting remote length fields, inadequate error handling and no timeouts) that increase the risk of crashes or resource exhaustion. If present as a dependency in otherwise benign software, assume compromise and remove unless inclusion is explicitly intended and authorized.

This module implements covert data exfiltration: it accepts an input string and sends it to a hardcoded external Discord webhook. Behavior is malicious in practice (credential or secret theft potential). Treat as compromise/backdoor, remove and audit callers and rotate any potentially leaked credentials.

Live on npm for 4 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and sending sensitive system data to a remote server without user consent. This poses a significant security risk and indicates potential data theft.

Live on npm for 3 days and 17 minutes before removal. Socket users were protected even while the package was live.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This module is a high-risk runtime packer/dropper: it embeds an encrypted payload, decrypts it using a user-supplied passphrase, writes the result to `bin/do-setup-circleci-secrets`, and immediately executes it. Because there is no integrity/authenticity validation of the decrypted artifact and the executed code is not shown here, the module should be treated as potentially malicious until the decrypted `bin/do-setup-circleci-secrets` content is inspected and validated in a safe environment.

This code implements anti-debugging and anti-analysis checks and will terminate the process if it detects instrumentation, debuggers, or anomalous timing. I found no evidence in this fragment of data exfiltration, backdoor creation, network communication, credential harvesting, or direct destructive actions. However, anti-analysis behaviors are commonly used by malware to evade detection; this raises suspicion but is not proof of malicious payload by itself. Because the snippet is obfuscated and appears truncated, further review of the full package is recommended before trusting it.

Live on pypi for 6 days, 17 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

This module programmatically extracts and decrypts Chrome cookies on macOS by reading the Chrome Local State, copying the Cookies DB, retrieving the Chrome Safe Storage password from the macOS Keychain, deriving the decryption key, querying the DB with sqlite3, and decrypting cookie blobs. While similar code can be legitimate for automation or testing, its capabilities (keychain access, cookie DB copy, decryption to plaintext) are high-risk and commonly abused for credential theft. The code also creates an unprotected temporary DB copy and uses execSync with interpolated inputs (potential shell injection). Treat this module as sensitive: only use in trusted contexts and avoid running it in environments with untrusted inputs. If you did not expect cookie extraction behavior, do not install or run it.

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This script invokes xmrig.exe to perform a cryptomining benchmark using the --bench=1M and --submit parameters, potentially submitting results over the network. Unauthorized execution can consume system resources for mining and send data externally without user consent, making it a malicious threat.

This code includes a high-risk dynamic code execution path: remote configuration responses can include a script string that the client constructs via new Function(...) and immediately executes. Combined with periodic polling and persistence to localStorage, this constitutes a supply-chain/execution backdoor allowing server-controlled arbitrary JS to run in users' browsers. Unless the remote endpoint and scripts are fully trusted and protected (signed, restricted), this is dangerous. Recommend removing runtime script execution (new Function) or adding strict verification (digital signatures, checksum, origin checks), prompt/consent before execution, and auditing the remote config service. The bundled UI code otherwise appears standard.