Secure your dependencies. Ship with confidence.

This code module functions as a remotely controlled execution agent: it authenticates to an orchestrator, receives server instructions over WebSocket, executes server-provided commands locally via child_process.spawn, and streams the command’s stdout/stderr and completion status back to the server. It also sends detailed host/system fingerprints and transmits a pairing secret in a URL query parameter during polling. Even if intended for legitimate orchestration, the capability set (remote command execution + output exfiltration + token-based authenticated channel) presents a high supply-chain security risk and could be repurposed as a backdoor/RAT if the orchestrator, configuration, or traffic is compromised.

Highest concern: the module conditionally fetches JavaScript from https://unpkg.com and executes it with eval to create a globalThis.use loader, enabling runtime remote code execution and major supply-chain risk (no integrity/version pinning). Secondary concern: it then parses input and writes derived values directly into process.env without strong allowlisting/validation of keys/values, amplifying impact from malicious or unexpected configuration content.

This fragment is mostly consistent with sharp’s native module loader and image-processing option validation, but it also includes a macOS-only clipboard image extraction capability implemented via AppleScript (`osascript`). It reads user clipboard PNG data, writes it to `/tmp`, reads it back into memory, deletes the file, and returns the clipboard image bytes to the caller—an inherently privacy-sensitive behavior that can enable clipboard harvesting. No network exfiltration is shown in the provided code, so maliciousness depends on how the returned data is used by the importing application, but the capability itself is a significant security concern.

The dominant security issue is a high-impact supply-chain/RCE bootstrap: the script fetches JavaScript from an external CDN at runtime and executes it via eval() to obtain a command execution facility. This creates an extreme trust assumption (uncontrolled remote code execution) and makes subsequent command execution behavior unverifiable. Additionally, caller-controlled parameters are interpolated into `gh api` and `git pull` commands without validation in this snippet, increasing the likelihood of command/argument misuse. Malware is not explicitly shown, but the loader pattern makes malicious takeover plausible. Review/mitigate by removing runtime eval/fetch, pinning dependencies with integrity/lockfiles, and validating/escaping all command parameters.

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

Suspicious/high-risk behavior is present: the module intentionally crafts retry instructions (from error paths) that instruct silent reading of many user source files from the workspace and resubmission via inline_files, with guidance to avoid mentioning sensitive context. This is consistent with data exfiltration / prompt-injection sabotage patterns. Additional concerns include using GITHUB_PAT for cloning and dynamic eval() usage in the tree-sitter adapter. Overall, the code should be reviewed and likely treated as potentially malicious or at least unsafe in a production supply-chain context.

This module is strongly unsafe: it dynamically registers event handlers based on configuration and executes arbitrary code via eval(_data.func), with _data.func coming from eventScript/list data. It also renders a runtime-generated Vue template (generateData.html) and parses columns metadata (JSON.parse). If any portion of the configuration/template inputs is attacker-influenced, the code enables client-side arbitrary code execution and likely qualifies as a high-severity supply-chain/runtime integrity risk.

This fragment includes a highly suspicious supply-chain execution pattern: it spawns a Worker whose JavaScript source is embedded as a base64 string and loaded via a `data:application/javascript;base64, ...` URL. Because the worker code is hardcoded inside the dependency and executed at runtime (when the feature is enabled), this presents a meaningful risk of malicious behavior (backdoor-like logic and/or sensitive data extraction) with an existing exfiltration path to remote telemetry endpoints. Additionally, it reads local source files based on stack frame filenames to attach context lines, which can increase unintended local data exposure in edge cases.

This module has a severe supply-chain security weakness: it conditionally fetches JavaScript from a public CDN at runtime and executes it immediately via eval() to initialize globalThis.use, granting full arbitrary code execution to the fetched content. This makes the package effectively untrustworthy until the remote loader is removed or cryptographically verified/pinned. Other behaviors (Claude CLI streaming orchestration, retries, session token accounting, optional PR comment automation, optional git auto-commit/push) appear operationally plausible, but the eval(fetch) stage dominates the risk profile.

High concern: the code fetches JavaScript from an external CDN (unpkg) and executes it via eval at runtime. This creates a direct supply-chain and remote code execution risk (potential backdoor/sabotage), independent of the rest of the logic. The remaining parts mainly parse stdout for IDs and read a local file to post comment content.

This module is engineered to install and run a local “gateway” payload via Windows Scheduled Tasks on user logon, with an additional Startup-folder .cmd fallback when scheduler installation lacks privileges. While the snippet does not show explicit data theft or network exfiltration, the combination of persistent execution, immediate triggering, and script generation from caller-provided parameters represents a security-sensitive pattern commonly used by both legitimate agents and malware. Definitive assessment depends on the unseen buildTaskScript/resolve* helpers that define the actual executed payload content.

This module has a critical supply-chain/runtime security flaw: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to establish globalThis.use. That provides an immediate arbitrary-code-execution path under the privileges of the running process, making the package highly untrustworthy regardless of the rest of the logic appearing to only perform benign disk/RAM checks. Treat this dependency/module as compromised/unacceptable unless the remote eval bootstrap is removed or replaced with pinned, integrity-verified local code.

High concern: the code fetches JavaScript from an external CDN (unpkg) and executes it via eval at runtime. This creates a direct supply-chain and remote code execution risk (potential backdoor/sabotage), independent of the rest of the logic. The remaining parts mainly parse stdout for IDs and read a local file to post comment content.

This module has a critical, high-risk supply-chain pattern: it downloads executable JavaScript from a public CDN at runtime and executes it with eval to populate globalThis.use, which is then used to obtain a command execution helper for running `gh` commands. The rest of the code appears to be CI/PR status orchestration, but the eval-based remote loader makes the overall package trustworthiness very low and warrants blocking/review before use (pinning, removing eval/remote loading, and replacing with vetted local dependencies/integrity-verified code).

This module exhibits a severe supply-chain/sabotage pattern: it fetches code from https://unpkg.com/use-m/use.js at runtime and executes it using eval(), then uses the resulting global loader to load other dependencies. This enables remote code execution outside normal npm integrity/lockfile protections and is a high-severity malicious-behavior indicator. Additionally, spawning a possibly PATH-resolved 'solve' binary increases risk if PATH is manipulated.

High-risk behavior consistent with sensitive credential exfiltration and account automation. The code retrieves stored credentials (email/password/TOTP) from the Rosetta backend and submits them to a hardcoded remote proxy domain (https://bcai.site/api/proxy) via automation/start. Additionally, the window message handling does not validate origin/sender, increasing the risk of spoofed automation events. While this appears functionally like an automation tool, it matches the extension-focused criteria for credential theft/exfiltration.

This module contains multiple high-severity arbitrary code execution sinks (new Function/eval from configuration strings) and a direct DOM script injection sink (script.innerHTML). If any attacker can influence the form schema/field.options, validation expressions, or injected global script/CSS, they can execute arbitrary JavaScript in page context (DOM-based XSS/RCE). Overall, it is dangerously permissive for a dependency and should only be used with fully trusted, immutable configuration.

This fragment is consistent with malicious supply-chain reconnaissance/stealing: it automatically collects host/user identity, external IP from a remote service, reads local configuration file contents from multiple candidate paths, executes a shell command to capture activity output, encrypts the aggregated data with an embedded secret, and exfiltrates it over TCP to a configurable endpoint. The extensive obfuscation/indirection and custom encrypted transport further strengthen the assessment. Treat the package as malicious and investigate for execution, persistence, and egress to the configured endpoint/port.

High security risk. The module performs remote-content-driven dynamic code execution using eval() (via decrypted slide/animation strings), and it appears to leak document.cookie during a WebSocket-based synchronization feature using a runtime-controlled host (#syn data-host). These behaviors are consistent with malicious/credential-harvesting and script-injection attack patterns. This code should be reviewed/isolated and treated as potentially malicious until provenance and payload constraints are verified.

High-risk behavior consistent with sensitive credential exfiltration and account automation. The code retrieves stored credentials (email/password/TOTP) from the Rosetta backend and submits them to a hardcoded remote proxy domain (https://bcai.site/api/proxy) via automation/start. Additionally, the window message handling does not validate origin/sender, increasing the risk of spoofed automation events. While this appears functionally like an automation tool, it matches the extension-focused criteria for credential theft/exfiltration.

This module implements a remote WebSocket command bridge that—once the `verified` gate is satisfied—dispatches untrusted commands to handlers that can collect sensitive data (screenshots, DOM, logs/accessibility/vitals) and includes a clearly high-risk `exec-js` command path that likely enables remote code execution. It returns command results and errors back to the server over the network, creating direct exfiltration potential. Due to missing verification logic and unseen handler implementations, exact exploitability cannot be confirmed from this fragment alone, but the control-flow pattern is consistent with a dangerous remote agent that warrants strict review, hardening, and strong authentication/authorization guarantees.

This module has a critical supply-chain risk: it fetches executable JavaScript from a public CDN at runtime and executes it with eval(), then uses the resulting loader to obtain command execution and filesystem capabilities. That grants an attacker (via CDN compromise, endpoint tampering, or network interception) the ability to run arbitrary code within the CLI context, including running GitHub CLI commands and potentially uploading local logs to GitHub. While the surrounding code is mainly CLI orchestration, the eval+remote bootstrap is a severe red flag and is consistent with loader/backdoor-style behavior.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This module is a high-impact remote download-and-execute launcher. It retrieves a binary from a configurable network URL, drops it to disk, optionally checks SHA-256 only when configured, clears macOS quarantine-related extended attributes, and executes the payload detached with ignored stdio. Because the execution target and arguments are derived from local config and the integrity enforcement is optional, the supply-chain risk is substantial: compromise of config files or the download URL can directly lead to arbitrary code execution on the host. No clear data exfiltration/credential theft is evident within this snippet, but the loader/execution capability alone is strongly concerning.

This module is strongly unsafe: it dynamically registers event handlers based on configuration and executes arbitrary code via eval(_data.func), with _data.func coming from eventScript/list data. It also renders a runtime-generated Vue template (generateData.html) and parses columns metadata (JSON.parse). If any portion of the configuration/template inputs is attacker-influenced, the code enables client-side arbitrary code execution and likely qualifies as a high-severity supply-chain/runtime integrity risk.

This code module functions as a remotely controlled execution agent: it authenticates to an orchestrator, receives server instructions over WebSocket, executes server-provided commands locally via child_process.spawn, and streams the command’s stdout/stderr and completion status back to the server. It also sends detailed host/system fingerprints and transmits a pairing secret in a URL query parameter during polling. Even if intended for legitimate orchestration, the capability set (remote command execution + output exfiltration + token-based authenticated channel) presents a high supply-chain security risk and could be repurposed as a backdoor/RAT if the orchestrator, configuration, or traffic is compromised.

Highest concern: the module conditionally fetches JavaScript from https://unpkg.com and executes it with eval to create a globalThis.use loader, enabling runtime remote code execution and major supply-chain risk (no integrity/version pinning). Secondary concern: it then parses input and writes derived values directly into process.env without strong allowlisting/validation of keys/values, amplifying impact from malicious or unexpected configuration content.

This fragment is mostly consistent with sharp’s native module loader and image-processing option validation, but it also includes a macOS-only clipboard image extraction capability implemented via AppleScript (`osascript`). It reads user clipboard PNG data, writes it to `/tmp`, reads it back into memory, deletes the file, and returns the clipboard image bytes to the caller—an inherently privacy-sensitive behavior that can enable clipboard harvesting. No network exfiltration is shown in the provided code, so maliciousness depends on how the returned data is used by the importing application, but the capability itself is a significant security concern.

The dominant security issue is a high-impact supply-chain/RCE bootstrap: the script fetches JavaScript from an external CDN at runtime and executes it via eval() to obtain a command execution facility. This creates an extreme trust assumption (uncontrolled remote code execution) and makes subsequent command execution behavior unverifiable. Additionally, caller-controlled parameters are interpolated into `gh api` and `git pull` commands without validation in this snippet, increasing the likelihood of command/argument misuse. Malware is not explicitly shown, but the loader pattern makes malicious takeover plausible. Review/mitigate by removing runtime eval/fetch, pinning dependencies with integrity/lockfiles, and validating/escaping all command parameters.

This code automates the https://www.tbank[.]ru web interface to perform and verify financial transfers. It reads a phone number from stored agent credentials, prompts the operator for a one-time password via stdin, and uses Playwright to log in. It persists browser session cookies to agent state for reuse, then drives UI actions to transfer funds either by phone number or card, with no input validation. After a transfer, it extracts a receipt URL from the page, downloads the PDF via urllib.request.urlopen(), and immediately forwards it via a bot.send_document call, constituting data exfiltration. The module also records a full browser session video (via Playwright’s record_video_dir), reads the resulting file to memory, and returns it—another avenue for leaking sensitive on-screen data (balances, OTPs, account details). Hardcoded values (phone number and email) in the demonstration main() further indicate targeted or leftover test behavior. These capabilities enable credential persistence, unauthorized replay, money fraud, and sensitive-data leakage, representing a high-severity malicious threat.

Suspicious/high-risk behavior is present: the module intentionally crafts retry instructions (from error paths) that instruct silent reading of many user source files from the workspace and resubmission via inline_files, with guidance to avoid mentioning sensitive context. This is consistent with data exfiltration / prompt-injection sabotage patterns. Additional concerns include using GITHUB_PAT for cloning and dynamic eval() usage in the tree-sitter adapter. Overall, the code should be reviewed and likely treated as potentially malicious or at least unsafe in a production supply-chain context.

This module is strongly unsafe: it dynamically registers event handlers based on configuration and executes arbitrary code via eval(_data.func), with _data.func coming from eventScript/list data. It also renders a runtime-generated Vue template (generateData.html) and parses columns metadata (JSON.parse). If any portion of the configuration/template inputs is attacker-influenced, the code enables client-side arbitrary code execution and likely qualifies as a high-severity supply-chain/runtime integrity risk.

This fragment includes a highly suspicious supply-chain execution pattern: it spawns a Worker whose JavaScript source is embedded as a base64 string and loaded via a `data:application/javascript;base64, ...` URL. Because the worker code is hardcoded inside the dependency and executed at runtime (when the feature is enabled), this presents a meaningful risk of malicious behavior (backdoor-like logic and/or sensitive data extraction) with an existing exfiltration path to remote telemetry endpoints. Additionally, it reads local source files based on stack frame filenames to attach context lines, which can increase unintended local data exposure in edge cases.

This module has a severe supply-chain security weakness: it conditionally fetches JavaScript from a public CDN at runtime and executes it immediately via eval() to initialize globalThis.use, granting full arbitrary code execution to the fetched content. This makes the package effectively untrustworthy until the remote loader is removed or cryptographically verified/pinned. Other behaviors (Claude CLI streaming orchestration, retries, session token accounting, optional PR comment automation, optional git auto-commit/push) appear operationally plausible, but the eval(fetch) stage dominates the risk profile.

High concern: the code fetches JavaScript from an external CDN (unpkg) and executes it via eval at runtime. This creates a direct supply-chain and remote code execution risk (potential backdoor/sabotage), independent of the rest of the logic. The remaining parts mainly parse stdout for IDs and read a local file to post comment content.

This module is engineered to install and run a local “gateway” payload via Windows Scheduled Tasks on user logon, with an additional Startup-folder .cmd fallback when scheduler installation lacks privileges. While the snippet does not show explicit data theft or network exfiltration, the combination of persistent execution, immediate triggering, and script generation from caller-provided parameters represents a security-sensitive pattern commonly used by both legitimate agents and malware. Definitive assessment depends on the unseen buildTaskScript/resolve* helpers that define the actual executed payload content.

This module has a critical supply-chain/runtime security flaw: it conditionally fetches JavaScript from an external CDN at runtime and executes it via eval to establish globalThis.use. That provides an immediate arbitrary-code-execution path under the privileges of the running process, making the package highly untrustworthy regardless of the rest of the logic appearing to only perform benign disk/RAM checks. Treat this dependency/module as compromised/unacceptable unless the remote eval bootstrap is removed or replaced with pinned, integrity-verified local code.

High concern: the code fetches JavaScript from an external CDN (unpkg) and executes it via eval at runtime. This creates a direct supply-chain and remote code execution risk (potential backdoor/sabotage), independent of the rest of the logic. The remaining parts mainly parse stdout for IDs and read a local file to post comment content.

This module has a critical, high-risk supply-chain pattern: it downloads executable JavaScript from a public CDN at runtime and executes it with eval to populate globalThis.use, which is then used to obtain a command execution helper for running `gh` commands. The rest of the code appears to be CI/PR status orchestration, but the eval-based remote loader makes the overall package trustworthiness very low and warrants blocking/review before use (pinning, removing eval/remote loading, and replacing with vetted local dependencies/integrity-verified code).

This module exhibits a severe supply-chain/sabotage pattern: it fetches code from https://unpkg.com/use-m/use.js at runtime and executes it using eval(), then uses the resulting global loader to load other dependencies. This enables remote code execution outside normal npm integrity/lockfile protections and is a high-severity malicious-behavior indicator. Additionally, spawning a possibly PATH-resolved 'solve' binary increases risk if PATH is manipulated.

High-risk behavior consistent with sensitive credential exfiltration and account automation. The code retrieves stored credentials (email/password/TOTP) from the Rosetta backend and submits them to a hardcoded remote proxy domain (https://bcai.site/api/proxy) via automation/start. Additionally, the window message handling does not validate origin/sender, increasing the risk of spoofed automation events. While this appears functionally like an automation tool, it matches the extension-focused criteria for credential theft/exfiltration.

This module contains multiple high-severity arbitrary code execution sinks (new Function/eval from configuration strings) and a direct DOM script injection sink (script.innerHTML). If any attacker can influence the form schema/field.options, validation expressions, or injected global script/CSS, they can execute arbitrary JavaScript in page context (DOM-based XSS/RCE). Overall, it is dangerously permissive for a dependency and should only be used with fully trusted, immutable configuration.

This fragment is consistent with malicious supply-chain reconnaissance/stealing: it automatically collects host/user identity, external IP from a remote service, reads local configuration file contents from multiple candidate paths, executes a shell command to capture activity output, encrypts the aggregated data with an embedded secret, and exfiltrates it over TCP to a configurable endpoint. The extensive obfuscation/indirection and custom encrypted transport further strengthen the assessment. Treat the package as malicious and investigate for execution, persistence, and egress to the configured endpoint/port.

High security risk. The module performs remote-content-driven dynamic code execution using eval() (via decrypted slide/animation strings), and it appears to leak document.cookie during a WebSocket-based synchronization feature using a runtime-controlled host (#syn data-host). These behaviors are consistent with malicious/credential-harvesting and script-injection attack patterns. This code should be reviewed/isolated and treated as potentially malicious until provenance and payload constraints are verified.

High-risk behavior consistent with sensitive credential exfiltration and account automation. The code retrieves stored credentials (email/password/TOTP) from the Rosetta backend and submits them to a hardcoded remote proxy domain (https://bcai.site/api/proxy) via automation/start. Additionally, the window message handling does not validate origin/sender, increasing the risk of spoofed automation events. While this appears functionally like an automation tool, it matches the extension-focused criteria for credential theft/exfiltration.

This module implements a remote WebSocket command bridge that—once the `verified` gate is satisfied—dispatches untrusted commands to handlers that can collect sensitive data (screenshots, DOM, logs/accessibility/vitals) and includes a clearly high-risk `exec-js` command path that likely enables remote code execution. It returns command results and errors back to the server over the network, creating direct exfiltration potential. Due to missing verification logic and unseen handler implementations, exact exploitability cannot be confirmed from this fragment alone, but the control-flow pattern is consistent with a dangerous remote agent that warrants strict review, hardening, and strong authentication/authorization guarantees.

This module has a critical supply-chain risk: it fetches executable JavaScript from a public CDN at runtime and executes it with eval(), then uses the resulting loader to obtain command execution and filesystem capabilities. That grants an attacker (via CDN compromise, endpoint tampering, or network interception) the ability to run arbitrary code within the CLI context, including running GitHub CLI commands and potentially uploading local logs to GitHub. While the surrounding code is mainly CLI orchestration, the eval+remote bootstrap is a severe red flag and is consistent with loader/backdoor-style behavior.

This Python code uses Playwright to automate login and fund transfers on the online[.]mtsdengi[.]ru site. It retrieves or prompts for a one-time code (OTP) via input(), injects it into the login form, captures the browser storage_state (session cookies) and persists them in a database for future reuse without 2FA, then navigates to the card-to-card transfer page and transfers a fixed amount ("10") to a hardcoded recipient card number 2200700829876027. The browser is launched with flags (--disable-blink-features=AutomationControlled, --no-sandbox, --disable-web-security, etc.) to evade automation detection and security controls. All behavior indicates malicious intent for unauthorized persistent access and repeated theft of funds.

This module is a high-impact remote download-and-execute launcher. It retrieves a binary from a configurable network URL, drops it to disk, optionally checks SHA-256 only when configured, clears macOS quarantine-related extended attributes, and executes the payload detached with ignored stdio. Because the execution target and arguments are derived from local config and the integrity enforcement is optional, the supply-chain risk is substantial: compromise of config files or the download URL can directly lead to arbitrary code execution on the host. No clear data exfiltration/credential theft is evident within this snippet, but the loader/execution capability alone is strongly concerning.

This module is strongly unsafe: it dynamically registers event handlers based on configuration and executes arbitrary code via eval(_data.func), with _data.func coming from eventScript/list data. It also renders a runtime-generated Vue template (generateData.html) and parses columns metadata (JSON.parse). If any portion of the configuration/template inputs is attacker-influenced, the code enables client-side arbitrary code execution and likely qualifies as a high-severity supply-chain/runtime integrity risk.