Secure your dependencies. Ship with confidence.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

Find and compare millions of open source packages

Quickly evaluate the security and health of any open source package.

jquery: timmywil published 4.0.0

left-pad: stevemao published 1.3.0

react: react-bot published 19.2.4

We protect you from vulnerable and malicious packages

bip-utilss

1.0.0

Live on pypi

Blocked by Socket

This setup.py contains a concealed payload that is decrypted and executed during package installation on Windows. That constitutes high-risk, likely malicious supply-chain behavior (arbitrary code execution in installer context). Do not install this package. Block/remove from package indexes and investigate any systems where it was installed. If analysis is required, decrypt the blob offline using the hardcoded Fernet key in a sandbox and inspect the plaintext thoroughly.

gatecrash

2.999.1

by shreyasc-h01

Removed from npm

Blocked by Socket

The code is extremely dangerous as it collects sensitive system information and sends it to an external server without the user's consent. It should not be used.

Live on npm for 1 hour and 37 minutes before removal. Socket users were protected even while the package was live.

ss-component-new

1.1.953

by leyuntao

Live on npm

Blocked by Socket

This code contains clear malicious or backdoor-like behavior: automated login attempts using hardcoded superadmin credentials (two different long secrets), including a POST to an external plain-HTTP IP address, and storing tokens into sessionStorage. Those behaviors allow silent privileged access (credential-based privilege escalation) and potential exfiltration or remote control via the external endpoint. Treat this package as suspicious and potentially malicious; it should be removed or blocked and investigated further.

@everymatrix/player-account-balance-modal

0.0.311

by raul.vasile

Live on npm

Blocked by Socket

The bundle contains an injected behavior that is unrelated to its stated functionality: it checks the client's timezone against a hardcoded list and, for matching timezones, constructs and displays a political message and automatically opens external URLs (including a Tor onion link and change.org) and shows an alert. This is unexpected, potentially harmful (forced popups/navigation), and constitutes a malicious or unauthorized modification of the package. Do not use this version; investigate source repository, verify integrity (checksums/signatures), and replace with a clean build.

ailever

0.1.72

Live on pypi

Blocked by Socket

The code introduces a high-risk pattern: it downloads and immediately executes arbitrary Python code from a remote repository based on user-supplied input, with no validation, authentication, or sandboxing. This constitutes a severe supply chain and remote code execution risk and should be avoided or restricted with strict whitelisting, integrity checks (e.g., code signing or hash verification), and safe execution environments.

roundcube/roundcubemail

dev-catch-group-syntax

Live on composer

Blocked by Socket

This code is a high-risk privilege-escalation wrapper that can execute a root-owned binary with unvalidated user input. It represents a significant supply-chain security concern and should be removed or heavily audited, with proper controls such as removing SUID, introducing input validation, auditing, and a safe execution model (least privilege, allowlists).

yektadg/medialibrary

3

Live on composer

Blocked by Socket

The SweetAlert2 library code is mostly benign and serves as a UI modal dialog tool. However, it contains a suspicious and potentially malicious snippet that targets Russian users on certain domains to play an unsolicited audio prank, disabling pointer events and potentially disrupting user interaction. This behavior is unexpected and should be considered a moderate security risk and potential malware. The rest of the code shows no signs of malicious intent. The provided reports were invalid and unhelpful. Users should be cautious about this version of the library due to the embedded prank behavior.

atsumic_tools

1.0.0.18

by Takuya Atsumi

Live on nuget

Blocked by Socket

The code is primarily a utility library, but contains an explicit, high-risk destructive routine: standard_tools.suiceder writes and executes a batch file that runs 'rmdir /s /q' against the application's parent directory and a temp directory. That single function makes the package unsafe for supply-chain use. No network exfiltration or obfuscation is present, but the destructive local filesystem operation constitutes malicious behavior (or at least a critical safety hazard). Do not use this package in production; remove or disable the suicider function and audit all filesystem operations before trusting the library.

admin1001

4.3.53

by teseet11111

Removed from npm

Blocked by Socket

High-risk malicious behavior: the package attempts to send local process listings to an external server during installation (data exfiltration/telemetry). This is active network exfiltration and should be treated as malware. Do not install; investigate any systems where this package was installed and block the destination domain.

Live on npm for 1 day, 17 hours and 11 minutes before removal. Socket users were protected even while the package was live.

ss-component-new

1.3.74

Live on npm

Blocked by Socket

This component contains a suspicious external authentication call to a hardcoded numeric IP with embedded 'superadmin' credentials and persists the returned token into sessionStorage. The call masks failures by returning true on exceptions, which can hide errors and make the external step appear successful. These behaviors are consistent with a possible supply-chain backdoor or unauthorized 'call-home' mechanism and represent a significant security risk. Immediate actions: treat this as high priority — audit repository history, remove or isolate the hardcoded external call and credentials, search codebase for other occurrences, and investigate any services at the referenced IP. Also review how 'magicToken' is used elsewhere. If provenance is unknown or untrusted, do not deploy this package.

sh-py

17.29

Live on pypi

Blocked by Socket

This module exhibits numerous malicious and high-risk supply-chain behaviors: self-modification, writing hardcoded credentials to ~/.pypirc, decrypting and executing payloads from disk, deleting files, uploading packages to PyPI, installing third-party packages on demand, and dynamically importing and executing code based on environment input. These patterns indicate intentional unauthorized actions (sabotage, hidden payload execution, or backdoor-like behavior). The package should be treated as malicious and not trusted. Immediate actions: do not run, inspect any systems where it was executed for persistence or deleted files, and treat any PyPI accounts or credentials referenced as compromised.

github.com/BishopFox/sliver

v0.0.0-20200915204034-cb10bc9c2491

Live on go

Blocked by Socket

This source file is a CLI layer for the Sliver implant framework and explicitly builds and saves implant/stager binaries and manages C2/profiles/canaries via RPC. The code itself lacks obfuscation and obvious covert exfiltration, but its purpose is offensive: it enables generation and deployment of payloads that are malicious in many contexts. Notable issues: logic bugs in saveLocation that may cause incorrect path resolution, and insufficient filename/path sanitization when persisting RPC-provided files (risk of path traversal or unintended overwrite). Treat this package as high-risk; include only in authorized testing/red-team environments and audit RPC server trust and filename handling before use.

django-admin-star

1.0.0

Live on pypi

Blocked by Socket

This ACE snippet file is mostly benign static snippet definitions, but it contains a clearly malicious/inappropriate embedded template expression that attempts to execute shell commands (reading /etc/passwd) via system(...). If any consumer evaluates template expressions in snippetText (particularly in privileged or server-side contexts), this will enable local information disclosure and arbitrary command execution. Treat the file as unsafe: remove or sanitize the system(...) invocation, audit any environments that consumed the snippetText, and consider this a supply-chain red flag. For typical browser-only ACE usage the payload is likely inert, but do not assume safety in privileged runtimes.

objection

1.1.9

Live on pypi

Blocked by Socket

This code is a Frida hook that deliberately bypasses biometric authentication by replacing the reply block for LAContext evaluatePolicy:localizedReason:reply: and forcing successful authentication responses. It also leaks localizedReason and status messages via send() to the Frida client. This is an intentional security bypass/sabotage tool. Use of this in production or by an attacker undermines app authentication and is high risk.

ui-cluster-driver-civo

1.0.0

by kaimkamboj

Removed from npm

Blocked by Socket

The code exhibits malicious behavior by collecting and sending sensitive system information to an external server without user consent. This poses a significant security risk and indicates potential data exfiltration.

Live on npm for 5 hours and 20 minutes before removal. Socket users were protected even while the package was live.

openstack-toolbox

1.3

Live on pypi

Blocked by Socket

This module is a standard compiler abstraction used by build systems, but the provided fragment is corrupted/buggy: has_function() writes an invalid C source (large unrelated docstring pasted into the code) and a variable name typo exists (lib_opts vs lib_opt). There is no direct evidence of malicious behavior (network exfiltration, credential theft, shell backdoors) in this file. Primary recommendation: treat the file as corrupted — do not use until fixed; review repository history/commits to detect tampering, run tests, and audit other modules that call spawn/execute/move_file for proper input handling before trusting the package in production.

carbonorm/carbonphp

9.1.3

Live on composer

Blocked by Socket

The dominant security concern is the explicit use of eval on data-derived JSON within CarbonPHP.handlebars, which can enable arbitrary code execution if data is attacker-controlled. Additional concerns include unsanitized dynamic script/template loading and a busy-wait sleep that can degrade performance and potentially expose timing information. Overall risk is high due to the eval pattern and dynamic content loading without strong sanitization.

marinff-test

0.4

Removed from pypi

Blocked by Socket

The code contains a serious security threat in the form of a reverse shell, which allows unauthorized remote access to the system. This is a clear indicator of malicious intent.

Live on pypi for 7 minutes before removal. Socket users were protected even while the package was live.

elf-stats-evergreen-muffin-867

1.0.3

Live on npm

Blocked by Socket

This file implements a straightforward reverse shell/backdoor: it connects to a hardcoded remote IP:port and exposes an interactive /bin/sh over the network. It provides remote arbitrary code execution and data exfiltration capability, contains stealthy failure handling, and lacks any legitimate safeguards. Treat as malicious: do not run, remove from systems, and investigate source/origin and exposure of the host and network.

directlinetoactionsongooglelib

4.0.1

by mohameddiv

Removed from npm

Blocked by Socket

The script is designed to collect and send sensitive information from the user's system to an external server, which is highly malicious and poses a severe security threat.

Live on npm for 3 hours and 17 minutes before removal. Socket users were protected even while the package was live.

arm-portal

99.10.9

by mhj6mdv6

Removed from npm

Blocked by Socket

The code is designed to collect and send sensitive information to a remote server without the user's knowledge or consent. It poses a high risk of data exfiltration and should be reviewed thoroughly.

Live on npm for 2 hours and 23 minutes before removal. Socket users were protected even while the package was live.

354766/zcy22606/codebase-context/codebase-context/

0b77c4fb8181b380f6bf4641997a57cd3d1ea5d6

Live on socket

Blocked by Socket

This Skill is primarily a documentation/config-generator for onboarding repositories to AI coding tools. Functionally it matches its stated purpose, but it increases attack surface in normal operation because it generates executable command templates, permission configs, and offers optional script-based validation. The highest risks are (1) enabling command execution via generated permit-lists/commands and (2) metadata exposure by enumerating sensitive filenames/backups. There is no explicit malicious code or remote exfiltration endpoint in the provided content, so I assess low probability of intentional malware (malware: 0.05) but a moderate operational security risk (securityRisk: 0.55). Recommend strict safeguards: never auto-execute generated validation scripts, review and sanitize any generated command allow-lists before granting agents execution rights, do not back up or copy secret files, and prefer read-only analysis by default.

@nomicsfoundation/hardhat-config

1.2.9

by nomicsfoundation

Live on npm

Blocked by Socket

The code appears to be a cryptocurrency trading library with a suspicious block that encrypts and sends data to a remote server, indicating potential malicious behavior.

simo

2.5.40

Live on pypi

Blocked by Socket

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

Detect and block software supply chain attacks

Socket detects traditional vulnerabilities (CVEs) but goes beyond that to scan the actual code of dependencies for malicious behavior. It proactively detects and blocks 70+ signals of supply chain risk in open source code, for comprehensive protection.

Possible typosquat attack

Known malware

Telemetry

Unstable ownership

Git dependency

GitHub dependency

AI-detected potential malware

HTTP dependency

Obfuscated code

Suspicious Stars on GitHub

54 more alerts

Detect suspicious package updates in real-time

Socket detects and blocks malicious dependencies, often within just minutes of them being published to public registries, making it the most effective tool for blocking zero-day supply chain attacks.

Developers love Socket

Socket is built by a team of prolific open source maintainers whose software is downloaded over 1 billion times per month. We understand how to build tools that developers love. But don’t take our word for it.

Security teams trust Socket

The best security teams in the world use Socket to get visibility into supply chain risk, and to build a security feedback loop into the development process.

Protect every package in your stack

Secure your team's dependencies across your stack with Socket. Stop supply chain attacks before they reach production.

Rust: crates.io (Rust Package Manager)

PHP: Packagist (PHP Package Manager)

Golang: Go Modules (Go Dependency Management)

Java: Maven Central

JavaScript: npm (Node Package Manager)

.NET: NuGet (.NET Package Manager)

Python: PyPI (Python Package Index)

Ruby: RubyGems.org (Ruby Package Manager)

Swift: Swift

AI: Hugging Face Hub (AI Model Hub)

CI: GitHub Actions (CI/CD Workflows)

Extensions: Chrome Web Store (Chrome Browser Extensions)

Extensions: Open VSX (VS Code Extensions)

Supply chain attacks are on the rise

Attackers have taken notice of the opportunity to attack organizations through open source dependencies. Supply chain attacks rose a whopping 700% in the past year, with over 15,000 recorded attacks.

Nov 23, 2025

Shai Hulud v2

Shai Hulud v2 campaign: preinstall script (setup_bun.js) and loader (setup_bin.js) that installs/locates Bun and executes an obfuscated bundled malicious script (bun_environment.js) with suppressed output.

Nov 05, 2025

Elves on npm

A surge of auto-generated "elf-stats" npm packages is being published every two minutes from new accounts. These packages contain simple malware variants and are being rapidly removed by npm. At least 420 unique packages have been identified, often described as being generated every two minutes, with some mentioning a capture the flag challenge or test.

Jul 04, 2025

RubyGems Automation-Tool Infostealer

Since at least March 2023, a threat actor using multiple aliases uploaded 60 malicious gems to RubyGems that masquerade as automation tools (Instagram, TikTok, Twitter, Telegram, WordPress, and Naver). The gems display a Korean Glimmer-DSL-LibUI login window, then exfiltrate the entered username/password and the host's MAC address via HTTP POST to threat actor-controlled infrastructure.

Mar 13, 2025

North Korea's Contagious Interview Campaign

Since late 2024, we have tracked hundreds of malicious npm packages and supporting infrastructure tied to North Korea's Contagious Interview operation, with tens of thousands of downloads targeting developers and tech job seekers. The threat actors run a factory-style playbook: recruiter lures and fake coding tests, polished GitHub templates, and typosquatted or deceptive dependencies that install or import into real projects.

Jul 23, 2024

Network Reconnaissance Campaign

A malicious npm supply chain attack that leveraged 60 packages across three disposable npm accounts to fingerprint developer workstations and CI/CD servers during installation. Each package embedded a compact postinstall script that collected hostnames, internal and external IP addresses, DNS resolvers, usernames, home and working directories, and package metadata, then exfiltrated this data as a JSON blob to a hardcoded Discord webhook.

Ready to dive in?

Get protected by Socket with just 2 clicks.
