Socket

Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery
timmywil published 4.0.0

left-pad
stevemao published 1.3.0

react
react-bot published 19.2.5

We protect you from vulnerable and malicious packages

netkiller-devops

0.7.11

Live on pypi

Blocked by Socket

This script is a legitimate-looking MySQL backup utility that dumps database schemas to files and pushes them to a git repository. It contains high-risk practices: plaintext hardcoded DB credentials and automated pushes of backups to a remote (git@192.168.30.5:...) which can lead to data exfiltration if the remote is not fully trusted. I find no clear signs of active malware (no reverse shell, no obfuscation, no code injection), but the script poses a moderate-to-high security risk due to credential exposure and potential unauthorized data disclosure.

stuphos

2.0.5

Live on pypi

Blocked by Socket

This module constructs configurable tracking endpoints and transmits local information (boot time, system name, secret key) to them. The most serious issue is that the remote response is forwarded unchanged into a privileged internal command-execution API (ExecuteTrustedCommandMessage) via callObjectMethod. That creates a clear remote-to-trusted-execution path — effectively a backdoor if the tracking endpoint or configuration is attacker-controlled. The presence of a hard-coded default secret key and lack of any response validation amplify the risk. Combined, these behaviors constitute a high security risk for supply-chain/backdoor exploitation. Additionally, the code as provided contains a syntax error in GetBootStartTime that would prevent execution; if corrected, the runtime risks described apply. Recommend removing or hardening the remote-response -> trusted-execution flow (e.g., signing, strict schema validation, authorization checks), removing hard-coded secrets, and avoiding automatic execution of remote-sourced messages.

@okx_ai/okx-trade-mcp

1.2.8-beta.1

by oker_steve

Live on npm

Blocked by Socket

This package will attempt to run scripts/postinstall.js during install. The build step copies that file from a parent directory (../../scripts/postinstall-notice.js) into the package scripts/ folder, and the package relies on a file: devDependency. Both facts increase supply-chain risk: the postinstall code executed during npm install may originate from outside the package registry and can run arbitrary Node code (data exfiltration, telemetry, shell command execution, etc.). You should inspect the exact contents of the referenced postinstall-notice.js and the file:../core package before trusting this package. Treat this as a high security risk until verified.

@vendasta/sales-orders

4.3.0

by vendasta

Live on npm

Blocked by Socket

The code largely represents a standard generated API client for document-related endpoints. The critical concern is the embedded obfuscated payload at the end of the file, which could enable remote code execution or data exfiltration if executed under certain conditions. This constitutes a significant supply-chain risk. Immediate actions: audit the build process, verify no post-build transformations reintroduce such payloads, scan for dynamic evaluation paths, and consider replacing or isolating the package until the payload can be reconciled or removed.

plotxy

1.0.7

Removed from pypi

Blocked by Socket

The code is a transformation tool that injects monkey patches into an ESLint Linter implementation. The main security concern is the dynamic require of a module path taken from an environment variable and the resulting embedding of that module's APIs into a patched linter file. That pattern allows arbitrary code (if the env var or module is untrusted) to run during both patch generation and later when the patched linter executes, to suppress lint findings, and to alter module resolution. The snippet itself is not obfuscated or directly malicious, but it creates a high-impact capability that must be tightly controlled: ensure the environment-variable path is only set to vetted code, audit the external module, or avoid in-place vendor modifications in favor of safer extension mechanisms.

Live on pypi for 20 hours and 45 minutes before removal. Socket users were protected even while the package was live.

xync-client

0.0.99

Live on pypi

Blocked by Socket

This code is malicious in intent: it automates fraudulent interaction with a banking website, contains hardcoded sensitive credentials, evades automation detection, prompts an operator to supply OTPs (social-engineering), performs money transfers, and persists session state to disk for reuse. It should be treated as a tool for account takeover and financial theft. Do not run it; remove any storage_state files and investigate systems where it executed. The snippet also contains syntax errors and is incomplete, but those do not mitigate the clearly malicious purpose.

bapy

0.2.238

Live on pypi

Blocked by Socket

Malicious bash initialization script that performs destructive filesystem operations on macOS systems. When the external helper script 'isuserdarwin.sh' returns true, the script silently executes 'sudo rm -rf' to delete critical user directories including ~/Applications, ~/Movies, ~/Music, ~/Pictures, ~/Public, and ~/Sites without user confirmation. It also removes the macOS sleepimage file at /private/var/vm/sleepimage. The script modifies SSH directory permissions using 'sudo chmod -R go-rw' which can break SSH access or expose credentials. All destructive operations have their output suppressed with '>/dev/null 2>&1' to hide failures and make the actions stealthy. The script uses eval to execute the output of /usr/bin/dircolors, creating a command injection risk if the binary is compromised. It depends on external scripts (paper.sh, isuserdarwin.sh, debug.sh) whose contents are unknown and could execute arbitrary code. The destructive operations are embedded within what appears to be routine shell configuration code, likely to disguise the malicious intent.

bapy

0.2.258

Live on pypi

Blocked by Socket

The script covertly ensures a background SSH local port-forward to a hard-coded external host as root, clearing any existing ssh on the same local port first. This pattern is consistent with establishing a covert access or exfiltration channel (notably to a MongoDB-like service on port 27017). It is high-risk: investigate origins of the script, the remote IP, root SSH keys and authorized_keys, and any processes or tools that use local:9999. If unexpected, remove and rotate credentials/keys and perform host compromise analysis.

hackingtools

3.0.0.46

Live on pypi

Blocked by Socket

The code demonstrates high-risk behavior typical of dropper/packer-like workflows: encrypted payloads embedded in stubs, base64-wrapped code executed at runtime, and optional packaging into executables. While there are syntax anomalies and incomplete branches that prevent immediate execution, the overall pattern is aligned with covert payload delivery or supply-chain risk. Thorough review of the complete, verified source is required before use; treat as dangerous and isolate until confirmed safe.

eslint-plugin-security-rules

0.6.5

by lasselupe33

Live on npm

Blocked by Socket

This file contains explicit, high-risk malicious behavior: it fetches data from a hard-coded external domain and injects that data into numerous execution and DOM sinks (script insertion, event handlers, innerHTML/document.write, eval/new Function, and navigation APIs). The combination of an external hard-coded domain and direct use in dynamic-execution and navigation APIs is consistent with code intended to execute attacker-supplied code and perform redirects/exfiltration. Do not include or run this code in production; treat as malicious.

lidapy

0.0.3

Removed from pypi

Blocked by Socket

This module contains a dangerous dynamic module-loading pattern: it searches broad filesystem locations for <module>.py and executes the first match without validation. While the code shown does not itself perform network exfiltration or contain obvious malicious payloads, the load_from_module design creates a substantial arbitrary code execution / supply-chain risk. Treat this as a high-security-risk pattern: lock down module search paths, validate or sign loaded modules, or avoid searching user/root-wide paths. The likelihood that this fragment is intentionally malicious is low (no obfuscation or payloads), but the vulnerability it introduces is severe and exploitable if an attacker can place or control files on disk.

Live on pypi for 2 hours and 8 minutes before removal. Socket users were protected even while the package was live.

int_pinterest_sfra

99.99.10

by ahmedlsaber42

Removed from npm

Blocked by Socket

This script uses 'wget' to collect and transmit environment variables and system details (e.g., username, user ID, group ID, hostname, shell, home directory, operating system, kernel version, architecture) to a remote host at 3imiu703wzi9xjg7v85om4b23t9kxalz[.]oastify[.]com without user consent, demonstrating malicious intent and posing a significant security risk.

Live on npm for 10 days and 14 hours before removal. Socket users were protected even while the package was live.

bbin

1.0.43

by j5pu

Live on npm

Blocked by Socket

This package intentionally executes global installs/removals and repository-changing commands during lifecycle hooks. That behavior is high risk: it can execute arbitrary code from third-party packages, alter the repository, and potentially run unknown commands like "npm-auth" which could capture credentials or exfiltrate data. Unless you fully trust the publisher and the packages listed, do not install this package. Review the content of the globally installed packages and the implementation of any referenced scripts before allowing installation.

bagbag

0.58.14

Removed from pypi

Blocked by Socket

The code presents significant privacy risks and potential for misuse in generating fake identities, which is indicative of malicious intent. The scraping of sensitive information from a third-party website without clear user consent is highly suspicious.

Live on pypi for 6 minutes before removal. Socket users were protected even while the package was live.

tensorflow-tensorboard

0.1.1

Live on pypi

Blocked by Socket

This code fragment is mostly benign utility code but contains a suspicious hidden 'easter egg' WSGI wrapper that decodes an embedded base64+zlib payload and serves it when a magic QUERY_STRING is present, and it adds an X-Powered-By header. That behavior constitutes a covert response path/backdoor-like functionality and is a supply-chain risk. The fragment as provided is syntactically/semantically broken in multiple places, suggesting it is incomplete or tampered with; however the presence of obfuscated embedded payload and a magic trigger is concerning. Recommend removing or auditing the easteregg functionality and verifying the package contents and provenance before use.

upstartportal

99.99.1

by realvivek07

Removed from npm

Blocked by Socket

This module exhibits strong indicators of malicious supply-chain activity: it harvests sensitive local secrets and configuration files, performs extensive host/network/process and environment discovery, attempts to collect cloud and Kubernetes credentials (AWS/GCP metadata and the Kubernetes service account token), and exfiltrates the gathered data to an external callback server. Exfiltration uses disabled TLS verification (rejectUnauthorized:false) and includes a plaintext HTTP fallback, further increasing the likelihood of successful data theft.

Live on npm for 1 day, 19 hours and 7 minutes before removal. Socket users were protected even while the package was live.

bluelamp-ai

1.0.1

Live on pypi

Blocked by Socket

High-risk loader: the module hides and executes an embedded payload via base64+zlib and exec(), preventing static review and granting the payload full interpreter privileges. Treat as potentially malicious — do not import in production or CI. Decode and audit the decompressed payload in an isolated, offline environment before permitting use. Implement containment (sandbox, offline VM) to inspect behavior and network I/O before trusting.

tastyigniter/ti-theme-orange

4.0.7

Live on composer

Blocked by Socket

This bundle contains genuine open-source UI libraries but has an unmistakable malicious/intrusive insertion inside the SweetAlert2 module: locale+host detection combined with a timed, persistent trigger that disables pointer events and injects & autoplays an audio file hosted on a third-party domain. This behavior is unrelated to the libraries' purpose and constitutes a backdoor/tainted-supply-chain compromise. Treat the package as compromised: do not deploy; obtain official, verified copies; inspect package provenance and lockfiles; and rotate/inspect any client state where this bundle ran.

claudetalk-bridge

2.1.0

by lambdasw

Live on npm

Blocked by Socket

Best-matching report: Report 3. This module is highly suspicious as a remote-controlled bridge: it connects to a hardcoded non-TLS WebSocket relay, accepts remote prompt text without authentication/authorization controls, spawns a local `claude` CLI using that untrusted text, and streams the model’s output back to the relay. The primary risks are privacy/data exfiltration and abuse of local model execution rather than classic malware primitives. Network egress should be restricted/monitored and the relay endpoint treated as a high-sensitivity indicator.

deskpro-notifications-service

69.2.22

by adityan_captain_rip

Removed from npm

Blocked by Socket

The script collects the user's current working directory and sends it to a remote server via DNS lookup, potentially leaking sensitive information.

Live on npm for 11 minutes before removal. Socket users were protected even while the package was live.

@sesamy/sesamy-js

1.117.0

by markusahlstrand

Live on npm

Blocked by Socket

Most of the module aligns with typical SPA OAuth/OIDC and DPoP-auth flows, including JWT validation, token exchange, and caching. The primary high-risk anomaly is the runtime decoding and execution of an embedded base64 JavaScript blob as a Web Worker. Because that worker can coordinate refresh/token retrieval while the module persists access/refresh tokens in browser storage and cookies, any malicious or tampered worker logic could plausibly steal or manipulate tokens. The fragment does not conclusively prove malware, but the worker injection/execution design is a significant supply-chain security red flag that should be independently verified (decode the embedded worker payload and audit its network/storage behavior).

354766/boshu2/agentops/crank/

0999705787a325638808a138a04840edf1c0c42d

Live on socket

Blocked by Socket

[Skill Scanner] Installation of third-party script detected The Crank orchestration blueprint represents a coherent, purpose-built solution for autonomous epic execution using swarm-based parallelism with dual tracking modes and governance hooks. It does not reveal malicious intent or backdoors; however, its power to autonomously modify state across multiple systems warrants strict access control, comprehensive logging, and fail-safes. Treat as BENIGN with SUSPICIOUS potential in untrusted environments until proper safeguards are verified. LLM verification: This skill matches its stated purpose but contains multiple high-risk operational behaviors: mandatory autonomous execution, ability to mutate issue trackers, and spawning of unspecified external worker backends that can run arbitrary code and perform network I/O. No obfuscated or explicitly malicious code was found in the fragment, but the design permits data leakage and unilateral destructive actions. Do not run this skill in production or on sensitive repositories without adding explicit safe

github.com/milvus-io/milvus

v0.10.3-0.20211013132033-59daccf67c95

Live on go

Blocked by Socket

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

Telemetry

55 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

RUST

crates.io

Rust Package Manager

PHP

Packagist

PHP Package Manager

GOLANG

Go Modules

Go Dependency Management

JAVA

Maven Central

JAVASCRIPT

npm

Node Package Manager

.NET

NuGet

.NET Package Manager

PYTHON

PyPI

Python Package Index

RUBY

RubyGems.org

Ruby Package Manager

SWIFT

Swift

AI

Hugging Face Hub

AI Model Hub

CI

GitHub Actions

CI/CD Workflows

EXTENSIONS

Chrome Web Store

Chrome Browser Extensions

EXTENSIONS

Open VSX

VS Code Extensions

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.

The latest from the Socket team

Get our latest security research, open source insights, and product updates.