Secure your dependencies. Ship with confidence.

This code implements an unauthenticated remote command-and-control/backdoor with arbitrary shell execution, arbitrary Python exec/eval, and file upload/download endpoints that read and write arbitrary filesystem paths. It should be treated as highly dangerous: running it exposes the host to full remote compromise, data theft, and filesystem tampering. Do not run or publish this code in production; remove or secure endpoints, add strong authentication/authorization, and restrict allowed commands and filesystem paths if intended for legitimate remote administration.

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

The source code snippet exhibits suspicious behavior by fetching a file from a known external service (webhook.site) commonly used for capturing HTTP requests, which can be abused for malicious purposes such as data exfiltration or command and control. The lack of context or validation around this network request increases the security risk. The original reports fail to provide meaningful analysis or scores. Based on the evidence, this code should be considered high risk with a strong possibility of malicious intent.

Live on npm for 1 hour and 17 minutes before removal. Socket users were protected even while the package was live.

This module exhibits clear malicious/backdoor characteristics: it reads a local file and immediately sends a truncated copy to a hard-coded remote HTTP endpoint on module import. It performs unauthorized data exfiltration without encryption or consent and includes markers (exported 'pwnd') consistent with compromise. Treat this package as compromised; remove or block it and investigate any systems that may have loaded it.

This code contains a remote downloader-and-executor pattern that writes an arbitrary .exe to disk and attempts to run it on Windows while hiding the window and suppressing errors. Absent integrity checks, authentication, domain restrictions, or user consent, this is effectively a dropper and constitutes a high security risk. Treat this module as malicious/untrusted in a supply-chain context and do not include it in trusted dependencies without significant redesign (add signature verification, explicit allowlist, user confirmation, and robust error/logging behaviour).

This install script is malicious: it collects local network/interface information, encodes it, and exfiltrates it via DNS queries to an external domain during npm install. This is a high-risk telemetry/data-exfiltration behavior and should be treated as malware. Do not install, and investigate any systems where this package was installed.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This file is a full-featured web shell/backdoor (often named PhpSpy/PhpShell/PhpSpy Ver 2006) providing remote command execution, file management (read/write/delete/upload), database query execution, proxy fetching, Windows registry manipulation via COM, and archive/export capabilities. It includes a hardcoded password and minimal obfuscation. It is malicious for most production uses and constitutes a serious supply-chain/backdoor risk. Remove and do not deploy; if found on a server assume compromise and perform incident response (containment, secret rotation, forensic investigation).

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

Based on the provided fragment, this appears to be a benign paginated request/accumulation helper. The main risk is the heavy obfuscation which hinders review and could mask malicious behavior elsewhere; however, within this fragment there are no clear signs of credential harvesting, code injection, process spawning, or data exfiltration to hardcoded endpoints. Recommend reviewing the implementation of executeFunctions.request and the surrounding module (and the mapping function) to ensure no hidden side effects.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This code is malicious: it injects a persistent PHP webshell into a WordPress theme (404.php) using an authenticated admin session. The webshell allows arbitrary system commands and arbitrary PHP execution (via base64-decoded payload), enabling full remote compromise. Do not run or include this package; treat it as a high-risk backdoor.

This file is a web shell/backdoor providing authenticated remote file management: directory listing, arbitrary file read/download, and arbitrary file write via uploads (including chunked uploads). The presence of a hardcoded MD5 password, explicit 'My Shell' labeling, and the ability to upload and execute files make this a high-confidence malicious backdoor. It poses a severe supply-chain and host risk — immediate removal, incident response, and forensic review of the system are recommended. Rotate credentials and search for other implanted artifacts.

The code collects sensitive system information without user consent and sends it to an external server via a Discord webhook. The code gathers data such as the user's internal IP address, external IP address (obtained via an HTTP request to 'https[:]//ipinfo[.]io/json'), hostname, username, home directory, DNS server information, and package details from 'package.json'. This information is then formatted into a JSON object and transmitted to a hardcoded Discord webhook URL ('https[:]//discord[.]com/api/webhooks/...'). This behavior constitutes unauthorized data exfiltration and poses significant privacy and security risks.

Live on npm for 1 day, 6 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including all environment variables, platform details, hostname, username, and MAC addresses from network interfaces. This data is then transmitted via HTTP POST request to a suspicious remote server at https://log-server-lovat[.]vercel[.]app/api/ipcheck/703 with a custom header 'x-secret-header: secret'. After sending the collected data, the malware evaluates the server's response as JavaScript code using eval(), enabling arbitrary remote code execution. The code employs obfuscation by hex-encoding critical strings like 'require', 'axios', 'post', and the target URL to evade detection. Error handling is deliberately suppressed to prevent detection of failed operations. This represents a critical supply chain attack vector that compromises system security through both data theft and remote control capabilities.

Live on npm for 10 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated, uses 'eval', has conditional behavior that could be used to detect runtime environment, and performs operations that are common in legitimate cryptography but could also be used for malicious purposes such as hiding a payload or executing a payload conditionally. Given the evidence, it is likely that the code is intended to be evasive and may be malicious.

This code implements a high-risk dropper pattern: it downloads and executes an external binary from a hardcoded URL without any integrity checks, validation, or observable user consent, and suppresses errors while cleaning up the payload. Absent additional secure controls or context that prove legitimate, treat this as malicious or unacceptable for inclusion in trusted software. Remove or isolate this code and investigate the remote URL and any associated artifacts.

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) Lack of input: no actual skill code to analyze. Cannot determine install/reject verdict or security posture without a target skill payload. LLM verification: This skill's stated purpose (audit other skills) is legitimate, but the described workflow contains a critical design flaw: it permits executing a scanner script that is stored inside the very untrusted target being audited. That makes the auditor able to run arbitrary code supplied by the target repository, which could perform credential harvesting, data exfiltration, destructive filesystem operations, or other malicious behavior. The presence of a flagged 'rm -rf' pattern inside SKILL.md reinf

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

The fragment is highly obfuscated and shows patterns typical of code that attempts to load external payloads, inject scripts into the page, fingerprint the environment, and potentially exfiltrate data. While there is no definitive evidence of concrete data theft or a guaranteed backdoor within this isolated excerpt, the combination of dynamic execution, DOM/script injection, and environment fingerprinting constitutes a non-trivial security risk. It warrants thorough site-wide review, dependency provenance checks, and a security audit to ensure no unintended remote code execution or data leakage occurs in production.

This module implements a language search handler that queries Google Ads via an imported GoogleAdsClient and returns mapped results. The code is heavily obfuscated and contains an anti-tamper/self-test helper, which is unusual and makes auditing harder, but there is no clear evidence in the provided fragment of credential exfiltration, arbitrary remote connections to attacker-controlled domains, code-injection (eval/Function), or system-level backdoors. The primary risk is the obfuscation itself (reduces transparency). Functionally the behaviour appears legitimate for a Google Ads search helper.

This module implements an interactive Python execution tool that runs arbitrary Python code via exec and captures stdout. There are no hardcoded malicious artifacts, but the design is inherently high-risk: untrusted input yields full remote code execution and data exfiltration capability. Additionally, a bug (typo 'outpu') causes a NameError on return, breaking intended behavior and potentially exposing stack traces. Treat this code as dangerous if reachable from untrusted contexts and apply sandboxing/isolation or remove runtime exec exposure.

The script redirects Git hook execution to an external directory, creating a high-risk supply-chain and runtime vector. It is dangerous in most environments unless the external hooks are tightly controlled, versioned, and validated. Best practice would be to avoid such redirection; if necessary, implement explicit user consent, integrity verification (e.g., signed hooks), and allowlisting of trusted hooks, or revert to repository-contained hooks.

The source code is performing malicious activities by exfiltrating sensitive system information (hostname, username, current working directory, network interfaces) to a remote server using the ping command. This behavior is indicative of malware.

Live on npm for 2 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code is attempting to exfiltrate environment variables to a suspicious host, posing a significant data leakage risk. The code exhibits obfuscated elements and clear malicious behavior, making it highly risky and likely malicious.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.

This code implements an unauthenticated remote command-and-control/backdoor with arbitrary shell execution, arbitrary Python exec/eval, and file upload/download endpoints that read and write arbitrary filesystem paths. It should be treated as highly dangerous: running it exposes the host to full remote compromise, data theft, and filesystem tampering. Do not run or publish this code in production; remove or secure endpoints, add strong authentication/authorization, and restrict allowed commands and filesystem paths if intended for legitimate remote administration.

This module implements a command-and-control agent: it establishes a Tor connection to a hardcoded .onion C2, downloads a payload, writes it to a temporary file, sets it executable, and runs it — all without validation — and provides a POST endpoint for C2 communication. These are canonical backdoor behaviors (remote code execution, persistence, and concealed C2). Treat the code as malicious: do not execute, block the domain, and investigate any systems where this package or its parent repository was installed or run.

The source code snippet exhibits suspicious behavior by fetching a file from a known external service (webhook.site) commonly used for capturing HTTP requests, which can be abused for malicious purposes such as data exfiltration or command and control. The lack of context or validation around this network request increases the security risk. The original reports fail to provide meaningful analysis or scores. Based on the evidence, this code should be considered high risk with a strong possibility of malicious intent.

Live on npm for 1 hour and 17 minutes before removal. Socket users were protected even while the package was live.

This module exhibits clear malicious/backdoor characteristics: it reads a local file and immediately sends a truncated copy to a hard-coded remote HTTP endpoint on module import. It performs unauthorized data exfiltration without encryption or consent and includes markers (exported 'pwnd') consistent with compromise. Treat this package as compromised; remove or block it and investigate any systems that may have loaded it.

This code contains a remote downloader-and-executor pattern that writes an arbitrary .exe to disk and attempts to run it on Windows while hiding the window and suppressing errors. Absent integrity checks, authentication, domain restrictions, or user consent, this is effectively a dropper and constitutes a high security risk. Treat this module as malicious/untrusted in a supply-chain context and do not include it in trusted dependencies without significant redesign (add signature verification, explicit allowlist, user confirmation, and robust error/logging behaviour).

This install script is malicious: it collects local network/interface information, encodes it, and exfiltrates it via DNS queries to an external domain during npm install. This is a high-risk telemetry/data-exfiltration behavior and should be treated as malware. Do not install, and investigate any systems where this package was installed.

Live on npm for 2 hours and 6 minutes before removal. Socket users were protected even while the package was live.

This file is a full-featured web shell/backdoor (often named PhpSpy/PhpShell/PhpSpy Ver 2006) providing remote command execution, file management (read/write/delete/upload), database query execution, proxy fetching, Windows registry manipulation via COM, and archive/export capabilities. It includes a hardcoded password and minimal obfuscation. It is malicious for most production uses and constitutes a serious supply-chain/backdoor risk. Remove and do not deploy; if found on a server assume compromise and perform incident response (containment, secret rotation, forensic investigation).

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

Based on the provided fragment, this appears to be a benign paginated request/accumulation helper. The main risk is the heavy obfuscation which hinders review and could mask malicious behavior elsewhere; however, within this fragment there are no clear signs of credential harvesting, code injection, process spawning, or data exfiltration to hardcoded endpoints. Recommend reviewing the implementation of executeFunctions.request and the surrounding module (and the mapping function) to ensure no hidden side effects.

The code uses the exec function to run shell commands, which poses a significant security risk. It could potentially execute malicious code if the input to exec is manipulated. Redirecting output to /dev/null to hide execution details is suspicious.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This code is malicious: it injects a persistent PHP webshell into a WordPress theme (404.php) using an authenticated admin session. The webshell allows arbitrary system commands and arbitrary PHP execution (via base64-decoded payload), enabling full remote compromise. Do not run or include this package; treat it as a high-risk backdoor.

This file is a web shell/backdoor providing authenticated remote file management: directory listing, arbitrary file read/download, and arbitrary file write via uploads (including chunked uploads). The presence of a hardcoded MD5 password, explicit 'My Shell' labeling, and the ability to upload and execute files make this a high-confidence malicious backdoor. It poses a severe supply-chain and host risk — immediate removal, incident response, and forensic review of the system are recommended. Rotate credentials and search for other implanted artifacts.

The code collects sensitive system information without user consent and sends it to an external server via a Discord webhook. The code gathers data such as the user's internal IP address, external IP address (obtained via an HTTP request to 'https[:]//ipinfo[.]io/json'), hostname, username, home directory, DNS server information, and package details from 'package.json'. This information is then formatted into a JSON object and transmitted to a hardcoded Discord webhook URL ('https[:]//discord[.]com/api/webhooks/...'). This behavior constitutes unauthorized data exfiltration and poses significant privacy and security risks.

Live on npm for 1 day, 6 hours and 31 minutes before removal. Socket users were protected even while the package was live.

This file contains malicious code that functions as a backdoor with data exfiltration and remote code execution capabilities. The code systematically collects sensitive system information including all environment variables, platform details, hostname, username, and MAC addresses from network interfaces. This data is then transmitted via HTTP POST request to a suspicious remote server at https://log-server-lovat[.]vercel[.]app/api/ipcheck/703 with a custom header 'x-secret-header: secret'. After sending the collected data, the malware evaluates the server's response as JavaScript code using eval(), enabling arbitrary remote code execution. The code employs obfuscation by hex-encoding critical strings like 'require', 'axios', 'post', and the target URL to evade detection. Error handling is deliberately suppressed to prevent detection of failed operations. This represents a critical supply chain attack vector that compromises system security through both data theft and remote control capabilities.

Live on npm for 10 hours and 56 minutes before removal. Socket users were protected even while the package was live.

The code is heavily obfuscated, uses 'eval', has conditional behavior that could be used to detect runtime environment, and performs operations that are common in legitimate cryptography but could also be used for malicious purposes such as hiding a payload or executing a payload conditionally. Given the evidence, it is likely that the code is intended to be evasive and may be malicious.

This code implements a high-risk dropper pattern: it downloads and executes an external binary from a hardcoded URL without any integrity checks, validation, or observable user consent, and suppresses errors while cleaning up the payload. Absent additional secure controls or context that prove legitimate, treat this as malicious or unacceptable for inclusion in trusted software. Remove or isolate this code and investigate the remote URL and any associated artifacts.

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) Lack of input: no actual skill code to analyze. Cannot determine install/reject verdict or security posture without a target skill payload. LLM verification: This skill's stated purpose (audit other skills) is legitimate, but the described workflow contains a critical design flaw: it permits executing a scanner script that is stored inside the very untrusted target being audited. That makes the auditor able to run arbitrary code supplied by the target repository, which could perform credential harvesting, data exfiltration, destructive filesystem operations, or other malicious behavior. The presence of a flagged 'rm -rf' pattern inside SKILL.md reinf

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

The fragment is highly obfuscated and shows patterns typical of code that attempts to load external payloads, inject scripts into the page, fingerprint the environment, and potentially exfiltrate data. While there is no definitive evidence of concrete data theft or a guaranteed backdoor within this isolated excerpt, the combination of dynamic execution, DOM/script injection, and environment fingerprinting constitutes a non-trivial security risk. It warrants thorough site-wide review, dependency provenance checks, and a security audit to ensure no unintended remote code execution or data leakage occurs in production.

This module implements a language search handler that queries Google Ads via an imported GoogleAdsClient and returns mapped results. The code is heavily obfuscated and contains an anti-tamper/self-test helper, which is unusual and makes auditing harder, but there is no clear evidence in the provided fragment of credential exfiltration, arbitrary remote connections to attacker-controlled domains, code-injection (eval/Function), or system-level backdoors. The primary risk is the obfuscation itself (reduces transparency). Functionally the behaviour appears legitimate for a Google Ads search helper.

This module implements an interactive Python execution tool that runs arbitrary Python code via exec and captures stdout. There are no hardcoded malicious artifacts, but the design is inherently high-risk: untrusted input yields full remote code execution and data exfiltration capability. Additionally, a bug (typo 'outpu') causes a NameError on return, breaking intended behavior and potentially exposing stack traces. Treat this code as dangerous if reachable from untrusted contexts and apply sandboxing/isolation or remove runtime exec exposure.

The script redirects Git hook execution to an external directory, creating a high-risk supply-chain and runtime vector. It is dangerous in most environments unless the external hooks are tightly controlled, versioned, and validated. Best practice would be to avoid such redirection; if necessary, implement explicit user consent, integrity verification (e.g., signed hooks), and allowlisting of trusted hooks, or revert to repository-contained hooks.

The source code is performing malicious activities by exfiltrating sensitive system information (hostname, username, current working directory, network interfaces) to a remote server using the ping command. This behavior is indicative of malware.

Live on npm for 2 hours and 26 minutes before removal. Socket users were protected even while the package was live.

The code is attempting to exfiltrate environment variables to a suspicious host, posing a significant data leakage risk. The code exhibits obfuscated elements and clear malicious behavior, making it highly risky and likely malicious.

Live on npm for 32 minutes before removal. Socket users were protected even while the package was live.

This script appears to be a simple packaging/upload helper, not obviously malicious, but it contains insecure and potentially dangerous patterns: unsanitized shell interpolation (command injection risk), use of 'sudo rm -rf' (destructive with elevation), changing working directory before destructive operations, and passing credentials on the command line (credential leakage). These issues make it risky to run in untrusted contexts or CI without hardening. There is no clear evidence of deliberate malware, but the script could be abused if inputs (pyproject.toml or environment) are tampered with.