Secure your dependencies. Ship with confidence.

The fragment shows highly suspicious behavior indicative of potential payload staging and backdoor risk: executing an external main.sh, cleaning traces, and replacing a script path with a binary to enable hidden execution. This pattern is a strong supply-chain/security concern for npm-like distributions. A thorough review should focus on the contents of main.sh and the a.out binary, integrity verification of package files, and removal of any dynamic script replacement behaviors before trusting or distributing the package.

This assembly contains clear indicators of an obfuscated runtime loader/packer: reading embedded resources/files, decrypting them, allocating executable memory, and patching process/JIT pointers via native APIs (VirtualAlloc/VirtualProtect/WriteProcessMemory/Marshal.WriteIntPtr) and dynamic delegate/IL generation. Those are classic signs of an in-memory code injector/backdoor/loader. The presence of normal web middleware and helpers alongside the obfuscated loader suggests supply-chain risk — the package can appear legitimate but contains hidden payload-execution logic. I assess this as likely malicious or at minimum extremely high-risk; do not use in production and perform a full incident response and binary-level dynamic 분석 and provenance check of the original package/source.

MALICIOUS. This skill’s stated purpose is offensive post-exploitation: transferring attacker tools to compromised machines, executing them, evading AV/EDR, and erasing traces. Its capabilities, data flows, and concealment guidance are fundamentally incompatible with benign developer-assistance use and squarely enable unauthorized intrusion activity.

This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including all environment variables, platform details, hostname, username, and MAC addresses from network interfaces. This data is then transmitted via HTTP POST request to a suspicious remote server at https://log-server-lovat[.]vercel[.]app/api/ipcheck/703 with a custom header 'x-secret-header: secret'. After sending the collected data, the malware evaluates the server's response as JavaScript code using eval(), enabling arbitrary remote code execution. The code employs obfuscation by hex-encoding critical strings like 'require', 'axios', 'post', and the target URL to evade detection. Error handling is deliberately suppressed to prevent detection of failed operations. This represents a critical supply chain attack vector that compromises system security through both data theft and remote control capabilities.

Live on npm for 22 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and sending system information to an external domain, indicating data exfiltration. This poses a significant security risk.

Live on npm for 3 days, 12 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module is primarily a UDP networking utility, but it contains high-impact Linux persistence behavior: it writes an /etc/init.d script, chmods it to 777, and the script is designed to start the current executable in the background. That behavior is inconsistent with benign UDP heartbeat/log libraries and represents a significant supply-chain risk. Additionally, the module sends heartbeat/log frames over UDP (with LogSender able to transmit arbitrary msg text to a configured endpoint), and it forwards untrusted UDP payloads to consumer callbacks. Recommend treating this dependency as suspicious: require code review/approval, remove/disable the init.d logic if not strictly necessary, and add input validation/escaping and least-privilege permissions if the feature is legitimate.

This code dynamically executes Python taken from comment content labelled 'Python Gen:' by building and eval()-ing a function whose body comes directly from the regex capture. If the 'comm' input can be influenced by an attacker, this is a high-risk remote code execution vector. The group-index remapping makes the capture-to-execution mapping less obvious. Do not use on untrusted input; if this functionality is required, restrict or sanitize inputs, use a safe execution sandbox, or remove dynamic eval altogether.

This script is sending sensitive system information to a remote server. This behavior is considered highly suspicious and malicious.

Live on npm for 25 days, 13 hours and 43 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior through obfuscation and execution of files, which could indicate malicious intent. The use of Base64 encoding to hide module names and file paths, along with the execution of a file from the APPDATA directory, suggests a potential security risk.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

On Windows, the constructor writes a PowerShell script to %TMP%\ab.ps1 that contains two Base64-encoded payloads: one gzipped blob decoded into a PowerShell command ($cmd) and a second Base64 string decoded into a Python source snippet. It launches powershell.exe with –ExecutionPolicy Bypass and –WindowStyle Hidden, uses Set-Content to overwrite the original .py file, invokes the decoded commands via Invoke-Expression, deletes ab.ps1 for cleanup, and then exits the Python process. This self-modifying, hidden execution pattern enables arbitrary code execution, stealthy persistence, and supply-chain/backdoor compromise.

Live on pypi for 119 days, 14 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior is indicative of malicious intent, constituting a supply chain security threat. There is no obfuscation, but the data leak is serious and should be treated as a high-risk security incident.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This code is malicious: it exfiltrates process.env to a hard-coded external URL on module load, using obfuscation to hide the behavior. Do not run or include this package. Treat it as a compromise/supply-chain attack and remove or block the package, rotate any secrets that may have been exposed, and investigate systems where it ran.

The script is highly suspicious and shows strong signs of malicious activity. It gathers sensitive data from the host machine and sends it to an external server. It also tries to open a reverse shell. This could lead to unauthorized access and control of the host machine.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior by sending userId data to a hardcoded external IP address over unencrypted HTTP without authentication or user consent. This pattern is indicative of potential data exfiltration or privacy violation, which aligns with malware-like behavior. While the code itself is not obfuscated and does not contain explicit backdoors or credential leaks, the hardcoded external endpoint and silent error handling increase the security risk. Overall, this code should be treated as high risk and potentially malicious.

This preinstall hook performs immediate data exfiltration of host and user information to an external domain during package installation. This is malicious/spyware-like behavior and poses a high security risk. Do not install this package; inspect and block network requests and consider it compromised.

Live on npm for 1 hour and 49 minutes before removal. Socket users were protected even while the package was live.

This module collects a near-complete dump of application state (answers), metadata, file paths and some user PII, and attempts to POST them together with an API key to a hard-coded external endpoint. The pattern is consistent with unauthorized data exfiltration. In this exact file a coding bug (returning an undefined variable) will likely cause a runtime error and prevent successful exfiltration, but that does not mitigate the malicious design. Treat this as a high-risk supply-chain/backdoor indicator: remove or quarantine, audit repository history for when/why this was added, and harden configuration and consent controls before any similar code is accepted.

This file constructs a JSON object containing the system's hostname and a timestamp, then sends it via an HTTPS POST request to xglkcqtkpgpaxdrmmnfgdev728sn2ar63[.]oast[.]fun without user consent. The suspicious domain, combined with the covert transmission of system information, strongly suggests malicious intent and raises significant privacy and security concerns.

This function performs deliberate credential harvesting by contacting Kubelet endpoints on cluster nodes to list pods and execute 'cat <serviceaccount token>' inside running containers, then logs and stores retrieved tokens. The behavior is malicious/abusive for production environments and represents a high-security risk. Treat this code as hostile: remove from trusted dependencies, investigate any use in your environment, and rotate compromised credentials.

This code is malicious in nature as it is designed to extract sensitive user account information and send it to an external server. It poses a severe security risk due to unauthorized data exfiltration.

Live on npm for 1 day, 15 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This module performs unsolicited collection of host, network, environment, and project metadata and transmits it to a hardcoded external IP address over HTTP when the module is loaded. The behavior is strongly indicative of covert telemetry or data-exfiltration. Because it runs eagerly, targets include any project that installs or requires this package. Recommend treating this package as malicious or high-risk: remove or sandbox it, block outbound connections to the IP/port, and investigate any systems that executed it for possible data exposure.

The fragment shows highly suspicious behavior indicative of potential payload staging and backdoor risk: executing an external main.sh, cleaning traces, and replacing a script path with a binary to enable hidden execution. This pattern is a strong supply-chain/security concern for npm-like distributions. A thorough review should focus on the contents of main.sh and the a.out binary, integrity verification of package files, and removal of any dynamic script replacement behaviors before trusting or distributing the package.

This assembly contains clear indicators of an obfuscated runtime loader/packer: reading embedded resources/files, decrypting them, allocating executable memory, and patching process/JIT pointers via native APIs (VirtualAlloc/VirtualProtect/WriteProcessMemory/Marshal.WriteIntPtr) and dynamic delegate/IL generation. Those are classic signs of an in-memory code injector/backdoor/loader. The presence of normal web middleware and helpers alongside the obfuscated loader suggests supply-chain risk — the package can appear legitimate but contains hidden payload-execution logic. I assess this as likely malicious or at minimum extremely high-risk; do not use in production and perform a full incident response and binary-level dynamic 분석 and provenance check of the original package/source.

MALICIOUS. This skill’s stated purpose is offensive post-exploitation: transferring attacker tools to compromised machines, executing them, evading AV/EDR, and erasing traces. Its capabilities, data flows, and concealment guidance are fundamentally incompatible with benign developer-assistance use and squarely enable unauthorized intrusion activity.

This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including all environment variables, platform details, hostname, username, and MAC addresses from network interfaces. This data is then transmitted via HTTP POST request to a suspicious remote server at https://log-server-lovat[.]vercel[.]app/api/ipcheck/703 with a custom header 'x-secret-header: secret'. After sending the collected data, the malware evaluates the server's response as JavaScript code using eval(), enabling arbitrary remote code execution. The code employs obfuscation by hex-encoding critical strings like 'require', 'axios', 'post', and the target URL to evade detection. Error handling is deliberately suppressed to prevent detection of failed operations. This represents a critical supply chain attack vector that compromises system security through both data theft and remote control capabilities.

Live on npm for 22 hours and 29 minutes before removal. Socket users were protected even while the package was live.

The code exhibits malicious behavior by collecting and sending system information to an external domain, indicating data exfiltration. This poses a significant security risk.

Live on npm for 3 days, 12 hours and 58 minutes before removal. Socket users were protected even while the package was live.

This module is primarily a UDP networking utility, but it contains high-impact Linux persistence behavior: it writes an /etc/init.d script, chmods it to 777, and the script is designed to start the current executable in the background. That behavior is inconsistent with benign UDP heartbeat/log libraries and represents a significant supply-chain risk. Additionally, the module sends heartbeat/log frames over UDP (with LogSender able to transmit arbitrary msg text to a configured endpoint), and it forwards untrusted UDP payloads to consumer callbacks. Recommend treating this dependency as suspicious: require code review/approval, remove/disable the init.d logic if not strictly necessary, and add input validation/escaping and least-privilege permissions if the feature is legitimate.

This code dynamically executes Python taken from comment content labelled 'Python Gen:' by building and eval()-ing a function whose body comes directly from the regex capture. If the 'comm' input can be influenced by an attacker, this is a high-risk remote code execution vector. The group-index remapping makes the capture-to-execution mapping less obvious. Do not use on untrusted input; if this functionality is required, restrict or sanitize inputs, use a safe execution sandbox, or remove dynamic eval altogether.

This script is sending sensitive system information to a remote server. This behavior is considered highly suspicious and malicious.

Live on npm for 25 days, 13 hours and 43 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior through obfuscation and execution of files, which could indicate malicious intent. The use of Base64 encoding to hide module names and file paths, along with the execution of a file from the APPDATA directory, suggests a potential security risk.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

On Windows, the constructor writes a PowerShell script to %TMP%\ab.ps1 that contains two Base64-encoded payloads: one gzipped blob decoded into a PowerShell command ($cmd) and a second Base64 string decoded into a Python source snippet. It launches powershell.exe with –ExecutionPolicy Bypass and –WindowStyle Hidden, uses Set-Content to overwrite the original .py file, invokes the decoded commands via Invoke-Expression, deletes ab.ps1 for cleanup, and then exits the Python process. This self-modifying, hidden execution pattern enables arbitrary code execution, stealthy persistence, and supply-chain/backdoor compromise.

Live on pypi for 119 days, 14 hours and 47 minutes before removal. Socket users were protected even while the package was live.

The fragment contains a high-risk pattern: it downloads a Python script from a remote source and immediately executes it without integrity verification or sandboxing. This creates a critical supply-chain and remote-code-execution risk, as the remote payload could perform any action on the host, including data exfiltration, credential access, or system compromise. Even though defaults use placeholders, the mechanism itself is unsafe and should be disallowed or hardened (e.g., verify hashes, use signed modules, avoid executing remote code).

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code performs unauthorized exfiltration of sensitive internal project data (package name, version, git commit hash) to a suspicious external server without user consent. This behavior is indicative of malicious intent, constituting a supply chain security threat. There is no obfuscation, but the data leak is serious and should be treated as a high-risk security incident.

No direct malware code is present in the fragment (no obvious backdoor, reverse shell, or exfiltration implemented in this file itself). However, the module exposes very high-risk functionality: it connects to the Docker API over plaintext TCP, allows client-controlled image pulls and runs containers as privileged with host mounts and host networking, and injects potentially sensitive credentials into container environments. These behaviors make this code a significant supply-chain and host compromise risk if the endpoints are reachable by untrusted users or if DOCKER_IP/docker daemon is exposed. Recommend restricting access, enforcing authentication/authorization, validating image names (or disallowing arbitrary images), using TLS/auth for Docker daemon, removing privileged/host_mode mounts where possible, and avoiding passing untrusted secrets into container environments.

This code is malicious: it exfiltrates process.env to a hard-coded external URL on module load, using obfuscation to hide the behavior. Do not run or include this package. Treat it as a compromise/supply-chain attack and remove or block the package, rotate any secrets that may have been exposed, and investigate systems where it ran.

The script is highly suspicious and shows strong signs of malicious activity. It gathers sensitive data from the host machine and sends it to an external server. It also tries to open a reverse shell. This could lead to unauthorized access and control of the host machine.

Live on npm for 24 minutes before removal. Socket users were protected even while the package was live.

The code exhibits suspicious behavior by sending userId data to a hardcoded external IP address over unencrypted HTTP without authentication or user consent. This pattern is indicative of potential data exfiltration or privacy violation, which aligns with malware-like behavior. While the code itself is not obfuscated and does not contain explicit backdoors or credential leaks, the hardcoded external endpoint and silent error handling increase the security risk. Overall, this code should be treated as high risk and potentially malicious.

This preinstall hook performs immediate data exfiltration of host and user information to an external domain during package installation. This is malicious/spyware-like behavior and poses a high security risk. Do not install this package; inspect and block network requests and consider it compromised.

Live on npm for 1 hour and 49 minutes before removal. Socket users were protected even while the package was live.

This module collects a near-complete dump of application state (answers), metadata, file paths and some user PII, and attempts to POST them together with an API key to a hard-coded external endpoint. The pattern is consistent with unauthorized data exfiltration. In this exact file a coding bug (returning an undefined variable) will likely cause a runtime error and prevent successful exfiltration, but that does not mitigate the malicious design. Treat this as a high-risk supply-chain/backdoor indicator: remove or quarantine, audit repository history for when/why this was added, and harden configuration and consent controls before any similar code is accepted.

This file constructs a JSON object containing the system's hostname and a timestamp, then sends it via an HTTPS POST request to xglkcqtkpgpaxdrmmnfgdev728sn2ar63[.]oast[.]fun without user consent. The suspicious domain, combined with the covert transmission of system information, strongly suggests malicious intent and raises significant privacy and security concerns.

This function performs deliberate credential harvesting by contacting Kubelet endpoints on cluster nodes to list pods and execute 'cat <serviceaccount token>' inside running containers, then logs and stores retrieved tokens. The behavior is malicious/abusive for production environments and represents a high-security risk. Treat this code as hostile: remove from trusted dependencies, investigate any use in your environment, and rotate compromised credentials.

This code is malicious in nature as it is designed to extract sensitive user account information and send it to an external server. It poses a severe security risk due to unauthorized data exfiltration.

Live on npm for 1 day, 15 hours and 49 minutes before removal. Socket users were protected even while the package was live.

This module performs unsolicited collection of host, network, environment, and project metadata and transmits it to a hardcoded external IP address over HTTP when the module is loaded. The behavior is strongly indicative of covert telemetry or data-exfiltration. Because it runs eagerly, targets include any project that installs or requires this package. Recommend treating this package as malicious or high-risk: remove or sandbox it, block outbound connections to the IP/port, and investigate any systems that executed it for possible data exposure.