Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

@twork-mw/display-mode

0.19.99

by youghurtrunner

Live on npm

Blocked by Socket

This file retrieves and executes remote code from openfintech[.]online/frontend/manifest[.]json, using global.eval for execution. It also performs DNS lookups on 171[.]59[.]in-addr[.]info and manipulates environment-based proxy settings. These behaviors collectively pose a high security risk and strongly suggest malicious intent.

ailever

0.2.771

Live on pypi

Blocked by Socket

The code exhibits a dangerous remote code execution pattern: it downloads and immediately runs a remote Python payload without integrity checks, sandboxing, or input validation. This creates a severe supply-chain and runtime security risk. Recommended mitigations include removing dynamic downloads, validating payloads with cryptographic hashes or signatures, using safe subprocess invocations with argument lists, and implementing strict input sanitization. If remote functionality must remain, switch to a trusted-internal mechanism (e.g., plugin architecture with signed components, offline verification) and add robust error handling and logging.

lgblkb-tools

1.0.3

Live on pypi

Blocked by Socket

This module contains explicit data-exfiltration behavior: a plaintext Telegram bot token and an unconditional upload of a specific local file to a remote Telegram chat when executed. In a repository or dependency this constitutes a high-risk backdoor and credential leak. Treat as malicious/unsafe for reuse in packages; revoke the token and remove or modify the code to require explicit, authenticated configuration before any network file transfer.

monolith-twirp-dependency_graph_platform-actions

1.1.1

by Nick Quaranto

Live on rubygems

Blocked by Socket

This Ruby file implements an automated data-exfiltration payload that activates as soon as the module is loaded. It gathers the current username (ENV['USER'], ENV['USERNAME'] or `whoami`), machine hostname (Socket.gethostname), and the file's absolute path (File.expand_path(__FILE__)). Each value is hex-encoded and split into chunks to conform to DNS label length limits. A target domain is constructed in the pattern: a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw (with filepath hex truncated if needed), then an HTTPS GET request is sent to https://a<...>.furb[.]pw/. The code executes automatically when loaded as a module (unless __FILE__ == $0), making it a supply chain attack vector. No opt-in or legitimate use case exists. This behavior is unambiguously malicious, leveraging DNS/HTTPS for covert reconnaissance and unauthorized data exfiltration.

dynamoforrevit.2025.zerotouchutils

2025.6.2.1

by onBIM Technology

Live on nuget

Blocked by Socket

This file contains two distinct parts: normal-looking Dynamo/Revit node classes and a heavily obfuscated loader/host (C2ko3bPrC...) that reads encrypted resources/files, decrypts payloads, performs native memory manipulation (VirtualAlloc/VirtualProtect/WriteProcessMemory/OpenProcess), interacts with JIT/native function pointers and emits/executes DynamicMethods. Those behaviors are strongly indicative of a malicious loader/packer or backdoor and represent a serious supply-chain risk. I recommend treating the package as malicious/untrusted, removing it from deployments, and conducting a deeper binary/runtime forensic analysis of the extracted payload.

@builder.io/dev-tools

1.28.17

by manucorporat

Live on npm

Blocked by Socket

The analyzed fragment exhibits multiple high-risk patterns that could enable remote or arbitrary code execution, data exfiltration, or persistence/manipulation. The most critical concerns are the dynamic evaluation of arbitrary code via postMessage-driven flows and the ability to modify the system hosts file. Combined with widespread filesystem, network, and process-spawning sinks, this codebase presents a notable security risk, particularly if exposed publicly or used in environments where inputs are user-controlled. Immediate mitigations would include sandboxing dynamic code evaluation, removing or strictly restricting host file edits, validating all external inputs, and ensuring that any such tooling runs with the least-privilege principle and clear containment boundaries.

vue-fonts

2.10.3

by victoriaiglesias

Removed from npm

Blocked by Socket

The code is highly suspicious due to its obfuscation, network communication, and potential for executing downloaded files. It poses a significant security risk and could be malicious.

Live on npm for 3 hours and 19 minutes before removal. Socket users were protected even while the package was live.

daytonjs

1.11.20

by christopher.smith.hal47

Live on npm

Blocked by Socket

This module is malicious in behavior: it is an intentionally-obfuscated downloader/remote-execution loader. It fetches encoded payloads from remote paste-like endpoints, decodes a list of URLs, and spawns platform-specific shell commands that download and pipe remote scripts directly into shell processes, enabling arbitrary remote code execution. Do not run, include, or trust this package. Treat it as high risk: remove it from builds, block outbound network access, and investigate any systems where it was executed.

bigdl-orca-spark3

2.5.0b20231128

Live on pypi

Blocked by Socket

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

doughnuts

4.5.1

Live on pypi

Blocked by Socket

This code is a post-exploitation/backdoor utility intended to obtain an interactive remote shell on a target via a PHP reverse shell or by uploading/running a native reverse-server binary. It performs file upload, remote command execution, and local network binding to accept shells. The fragment contains coding errors and undefined variables, but its purpose is clearly malicious and dangerous in most contexts. Treat any package including this code as malicious/backdoor unless its inclusion is explicitly authorized for offensive security operations within a controlled environment.

ailever

0.3.338

Live on pypi

Blocked by Socket

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

adstelo

0.1.3

Live on pypi

Blocked by Socket

This module transmits bot tokens (either plaintext or Fernet-encrypted with a key derived from the api_key), API keys (in cleartext header), and user/chat event metadata to a hardcoded external endpoint. The design ensures the recipient can recover the bot token when an api_key is present (api_key is sent with the request). Silent exception swallowing and asynchronous fire-and-forget behavior make the exfiltration covert. Inclusion of this code as a dependency poses a significant supply-chain risk and should be treated as malicious or at minimum highly suspicious unless the endpoint and behavior are explicitly documented and trusted by the user.

dontinstallmeiamatest

99.10.9

Removed from npm

Blocked by Socket

The code collects extensive system and user information and sends it to a remote server without user consent. This behavior is indicative of malware and poses a significant security risk.

Live on npm for 1 hour and 29 minutes before removal. Socket users were protected even while the package was live.

mtmai

0.3.1317

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

@synsci/cli-linux-x64-musl

1.1.83

by syntheticsciences

Live on npm

Blocked by Socket

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

vy

3.3.1

Removed from pypi

Blocked by Socket

This code is not obviously a deliberate malware implant, but it contains serious supply-chain/security risks: multiple direct interpolations of untrusted UI input into shell commands with shell=True allow command injection and arbitrary filesystem manipulation. Treat this module as unsafe to use without remediation (sanitize/escape inputs or use safe stdlib calls).

Live on pypi for 5 days, 18 hours and 13 minutes before removal. Socket users were protected even while the package was live.

kaia-brainbox

0.0.12

Live on pypi

Blocked by Socket

This script performs untrusted deserialization (pickle.load) of a file specified via command-line and immediately executes the deserialized object. Combined with deleting the input file, this is a high-risk pattern for arbitrary code execution, backdoors, or supply-chain abuse. Do not use or run this code with untrusted inputs. The provided fragment also contains a likely typo/truncation ('rais'), so the sample may be incomplete or altered.

dnszlsk/muad-dib

211ae3e018bcc76f2cc7b9a5ca39861f33a5f061

Live on actions

Blocked by Socket

This module implements a remote command-execution backdoor with explicit anti-analysis checks, single-instance locking, and no authentication. It allows any network client that can reach the service to execute arbitrary shell commands as the process user and receive their output. It should be considered malicious and high risk; do not run it on production or sensitive systems and investigate any deployments.

tilelang

0.1.0

Live on pypi

Blocked by Socket

The code provides functionality to convert and expose a TVM hybrid function from source, but it performs exec on user-supplied or file-read source without sandboxing or effective sanitization. While the fragment contains no obvious hardcoded secrets or network endpoints, the exec+write-to-disk behavior is a high-risk capability: if an attacker can supply the src string or control .py files loaded by load(), they can execute arbitrary code in the host process. Use only with trusted inputs or introduce strict AST validation and sandboxing to mitigate risk.

hysware.gcrypt

1.0.0

by TeaGoo

Live on nuget

Blocked by Socket

This code fragment contains a heavily obfuscated runtime loader/implant that decrypts embedded resources and writes/executes code in-process using native APIs and runtime-pointer patching. It performs direct process memory writes (including /proc/self/mem on Linux), VirtualAlloc/VirtualProtect/WriteProcessMemory, JIT/native entrypoint manipulation and dynamic invocation of the unpacked payload. These are high-confidence indicators of malicious behavior (loader/backdoor/sideloading). Treat the package as malicious and unsafe for use; it should be removed and subject to incident response.

mymocms/mymocms

dev-master

Live on composer

Blocked by Socket

The analyzed fragment demonstrates a high-risk runtime code-loading pattern: an embedded encrypted payload is decrypted at load time and used to inject external code, in addition to publicly exposed Firebase config and extensive telemetry/config flows. While legitimate analytics and charting components may be present, the dynamic loader constitutes a significant supply-chain and runtime risk, capable of introducing a backdoor or dropper under attacker-controlled payloads. This should be treated as malware-like risk pending maintainers’ clarification. Recommended actions include removing or hardening the runtime decrypt/load path (use signed, integrity-checked modules), relocating sensitive keys/config to secure servers, and introducing strict CSP and integrity checks for any externally loaded scripts. Consider isolating this loader behind feature flags or removing it entirely for production builds.

solana-login

1.0.19

by coffeepasta

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by exfiltrating local file content and an environment variable to an external server without user consent. The use of Base64 encoding to obscure the webhook URL indicates an attempt to hide this behavior.

Live on npm for 6 hours and 52 minutes before removal. Socket users were protected even while the package was live.

354766/jg-chalk-io/Nora-LiveKit/moai-session-info/

bac8ee2a9cf34087e43ffacda42b0b4701a05a61

Live on socket

Blocked by Socket

The skill is coherent with its stated purpose of providing a comprehensive session/project status view. It relies on local data sources (config files, git, SPEC tracking, system metrics) and presents structured output. No credential access, external data exfiltration, or remote execution patterns are evident. Security posture is benign to low-risk given the described usage, with no suspicious data flows or credential handling detected.


Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Known malware

Possible typosquat attack

Telemetry

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

54 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.


RUST: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

GOLANG: Go Modules (Go Dependency Management)

JAVA: Maven Central

JAVASCRIPT: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

PYTHON: PyPI (Python Package Index)

RUBY: RubyGems.org (Ruby Package Manager)

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

EXTENSIONS: Chrome Web Store (Chrome Browser Extensions)

EXTENSIONS: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
