Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

infiltra

2.6

Live on pypi

Blocked by Socket

The code fragment constitutes a malicious PoC exploit designed to leverage CVE-2023-20889 for command execution and information disclosure, including potential data exfiltration via an out-of-band channel. It employs obfuscated-like techniques (base64 payloads, eval) and uses an authenticated flow to reach the payload delivery stage. This demonstrates strong supply-chain risk if surfaced in open-source samples, emphasizing the need for patching and cautious review of example payloads.

arvin-rahnama/dcat-admin

dev-feature-custom-sidebar

Live on composer

Blocked by Socket

The code is mostly a UI/admin library bundle, but it contains at least one explicit malicious/abusive behavior: a locale-and-host-targeted block that injects and auto-plays an external audio file from https://flag-gimn.ru for Russian-language clients on certain TLDs, and temporarily disables pointer events. That behavior is targeted, unexpected, and qualifies as malicious/sabotage or propaganda injection. Additionally, there are multiple risky patterns (eval/new Function on potentially remote-provided strings, insertion of response HTML into the DOM) that expose the application to remote code execution / XSS if inputs or server responses are not fully trusted or are compromised. Recommendation: remove the targeted audio injection block immediately, audit and/or replace any eval-packed modules and avoid executing server-provided scripts via eval. Replace eval/new Function uses with safer alternatives, sanitize any HTML coming from network before inserting into the DOM, and review the origin of this package/version for supply-chain tampering.

dana

0.25.9.1.1

Live on pypi

Blocked by Socket

This module itself contains no obvious hidden backdoor or obfuscated malicious payload, but it intentionally executes external Python files found under multiple search paths (including user-writable locations like the current working directory and user home). That design introduces a high-risk supply-chain/plugin execution vector: untrusted plugin files named <domain>.py or package directories can run arbitrary code via exec_module and class instantiation. Recommend treating plugins from those paths as untrusted, restricting or validating plugin locations, using cryptographic signing or checksum verification, or executing plugins in an isolated process. Do not place sensitive credentials or run as privileged user when plugin discovery paths include writable directories.

meshcentral

0.7.10

by ysainthilaire

Live on npm

Blocked by Socket

This code implements a remote administration/tunneling agent with full remote shell and file system control. Functionality includes spawning shells, reading and writing arbitrary files, renaming/moving/deleting files (including recursive deletes), and opening network tunnels/upgrades to a controller URL. While this may be legitimate MeshAgent agent code, the features constitute high-risk capabilities if included as an unexpected dependency or executed without proper trust and authorization. Treat this module as potentially dangerous in a supply-chain context: it can be used for remote command execution and data access/exfiltration by whoever controls the MeshAgent controller.

mtmai

0.3.1469

Live on pypi

Blocked by Socket

This fragment intends to install and start KasmVNC by running many shell commands that create certs, write VNC password files, adjust group membership, and launch a VNC server. The primary security issues are unsafe shell interpolation (command injection risk), programmatic persistence of a possibly predictable password, execution with sudo based on unvalidated env vars, starting a VNC server exposed on 0.0.0.0 with disabled/basic auth, and multiple unsafe filesystem operations performed via shell. There is no clear evidence of obfuscated or direct exfiltration malware, but the behavior can provide an unauthorized remote access vector (backdoor-like) if used maliciously. Do not run this code without fixing shell usage, validating inputs, using secure randomly generated passwords, enforcing proper file permissions, and not disabling authentication.

consolelofy

1.3.0

by console17777

Removed from npm

Blocked by Socket

This module contains a concealed, encrypted JavaScript payload and the code to decrypt-and-execute it at runtime while exposing powerful host APIs (require, process, module, etc.) to the payload. That combination is a strong indicator of a backdoor or supply-chain malicious capability: the code is explicitly designed to hide behavior and execute it later, and the sandboxing is undermined by exporting host capabilities. Treat as malicious/untrusted and remove or fully audit the decrypted payload in an isolated environment before any execution.

Live on npm for 18 days, 5 hours and 12 minutes before removal. Socket users were protected even while the package was live.

sbcli-dev

6.3.1

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

ploy-ansible

2.0.0

Live on pypi

Blocked by Socket

This code implements a backdoor/remote access trojan that provides complete system access through arbitrary command execution, unrestricted file operations, and persistent remote control capabilities. The lack of security controls makes it extremely dangerous.

bluelamp-ai

0.45.4

Live on pypi

Blocked by Socket

This module uses packing/obfuscation (base64 + zlib) and executes the resulting code at import time via exec(). That pattern is high-risk because it conceals behavior and bypasses normal code review. Without decompressing the payload we cannot definitively label the package malicious, but the packaging pattern is suspicious and should be treated as untrusted. Perform safe, isolated decompression and full audit before using; do not run in production until verified.

duowen-agent

0.1.66

Live on pypi

Blocked by Socket

This module implements an interactive Python execution tool that runs arbitrary Python code via exec and captures stdout. There are no hardcoded malicious artifacts, but the design is inherently high-risk: untrusted input yields full remote code execution and data exfiltration capability. Additionally, a bug (typo 'outpu') causes a NameError on return, breaking intended behavior and potentially exposing stack traces. Treat this code as dangerous if reachable from untrusted contexts and apply sandboxing/isolation or remove runtime exec exposure.

arcverc

1.0.0

by arceus69

Removed from npm

Blocked by Socket

The code collects sensitive system and user information, including the user's home directory, hostname, username, DNS server configuration, and package details, and sends this data to an external server at uig2nlmp4f3xpwtwk3360tai99f03rrg[.]oastify[.]com via an HTTPS POST request without user consent. This behavior is indicative of malware, posing a significant security and privacy risk.

Live on npm for 1 hour and 26 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac

5.0.1

Removed from npm

Blocked by Socket

The code contains several red flags indicating potentially malicious behavior: sending sensitive system information (hostname, username, home directory) to a remote server, and reading and sending the contents of 'package.json'. This is highly indicative of data exfiltration.

Live on npm for 3 minutes before removal. Socket users were protected even while the package was live.

pkscreener

0.46.20250207.697

Live on pypi

Blocked by Socket

This module implements covert telemetry/exfiltration: it silently collects local username and IP-based location and uploads daily aggregated records to a hardcoded GitHub repository. That behavior is privacy-invasive and constitutes a supply-chain risk for consumers of the package. The implementation uses weak obfuscation (base64), brittle JSON handling, and swallows exceptions, increasing the likelihood of stealthy, unintended data leakage. Actionable advice: treat this as malicious/unwanted telemetry unless documented explicit opt-in exists; remove or disable the telemetry code, or require explicit user consent and secure the transport (authentication and encryption), and fix robust JSON/file handling and error reporting before use.

fca-deku-remake

31.40.15

by imdeku

Removed from npm

Blocked by Socket

The code demonstrates risky behaviors such as executing shell commands based on environment variables and global configurations without proper validation, automatic installation, and execution of packages from external sources, and potential for command injection. These behaviors can be exploited for malicious purposes, making the code potentially unsafe.

Live on npm for 2 minutes before removal. Socket users were protected even while the package was live.

354766/laurigates/claude-plugins/configure-reusable-workflows/

e389d5ea13c4f25a3e149ee9929d5be1974f0166

Live on socket

Blocked by Socket

[Skill Scanner] Natural language instruction to download and install from URL detected. The approach is functional for adding Claude-powered checks via reusable workflows, but carries elevated security and supply-chain risks due to reliance on an external main-branch action and handling of a long-lived OAuth token. Recommend pinning external action versions, auditing claude-plugins, minimizing token exposure (avoid printing secrets, use masked logs), and applying least-privilege principals with clear token rotation and monitoring. Treat as MEDIUM-HIGH risk until mitigations are in place.

LLM verification: The skill’s purpose is coherent with its described capabilities to bootstrap Claude-powered reusable workflows. However, notable risk indicators include dependency on external templates, handling of a sensitive OAuth token, and documentation that references acquiring credentials from an external provider and potentially downloading from URLs. This elevates security risk to a moderate-to-high level unless mitigations (trusted source verification, token scoping/pinning, secret rotation, and access

@emilgroup/billing-sdk

1.56.1

by cover42devs

Removed from npm

Blocked by Socket

This package will execute index.js automatically on install. That behavior is potentially dangerous because index.js can perform many malicious actions (data exfiltration, creating backdoors, modifying the system). You must inspect the contents of index.js (and other scripts in the package) before installing or running in an untrusted environment. If you cannot inspect the file, treat this as a high-risk package to install.

Live on npm for 1 hour and 49 minutes before removal. Socket users were protected even while the package was live.

daumu

89.3.5

by mtdev008742

Removed from npm

Blocked by Socket

The code collects and sends sensitive system information to potentially suspicious external domains without user consent, which is a significant security risk. The use of 'rejectUnauthorized: false' further exacerbates the risk by disabling SSL/TLS certificate validation.

Live on npm for 14 days, 22 hours and 48 minutes before removal. Socket users were protected even while the package was live.

kagsa

1.2.0

Live on pypi

Blocked by Socket

The file contains obfuscated utility code that implements a range of functionalities including web manipulation, keyboard input handling, mathematical operations, random number generation, encoding/decoding, JSON processing, HTTP communication, and system command execution. Notably, the code hooks keyboard events via methods that record keystrokes, which poses a risk of keylogging and data theft. It also includes methods to retrieve system information and execute system commands, which could be exploited to perform unauthorized operations. The HTTP request functionality is capable of sending data to external servers, and while no specific remote IP addresses or domain names are hardcoded, the design allows for dynamic assignment of endpoints (for example, URLs such as http://example[.]com could potentially be used). The intentionally obfuscated naming conventions further suggest an effort to hide malicious intent.

sbcli-dev

4.0.52

Live on pypi

Blocked by Socket

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Skill: Pre-execution shell command

Suspicious Stars on GitHub

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

Rust: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

Golang: Go Modules (Go Dependency Management)

Java: Maven Central

JavaScript: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

Python: PyPI (Python Package Index)

Ruby: RubyGems.org (Ruby Package Manager)

Swift: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

Extensions: Chrome Web Store (Chrome Browser Extensions)

Extensions: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.
