Secure your dependencies. Ship with confidence.

[Skill Scanner] Installation of third-party script detected The provided skill/documentation is a benign PDF processing toolkit: examples and capabilities are consistent with the stated purpose (extracting text/tables, creating/merging/splitting PDFs, OCR, watermarking, password protection). There is no evidence of network exfiltration, credential harvesting, obfuscation, or hidden backdoors in the supplied content. The main security considerations are: (1) processing untrusted PDFs can expose vulnerabilities in the underlying libraries or native CLI tools, and (2) if a developer programmatically runs the example shell commands with unsanitized inputs, there could be command injection risks. Also note the proprietary license mention (check LICENSE.txt) and missing referenced files (forms.md, reference.md) for full context. Overall, content appears consistent and non-malicious. LLM verification: The skill’s described capabilities are appropriate for PDF processing tasks. Primary security concerns are about supply-chain hygiene (unpinned OCR dependency and potential unvetted script installations). Mitigations: pin dependency versions, verify sources, and avoid auto-installation of third-party scripts in production. Overall assessment remains largely benign with important notes on dependency management to reduce risk.

This module contains high-risk behaviors: it feeds unsanitized user-supplied content into an external CAS and then eval()s the CAS output inside the Python process. That combination creates a clear remote code execution / supply-chain risk. Even though there is no explicit networking or credential theft in the file itself, an attacker able to control 'polys' or the CoCoA binary can achieve arbitrary code execution. Recommend: do not trust unvalidated 'polys' input, remove eval() usage (parse expressions safely or implement a restricted expression evaluator), validate/sanitize CAS output before execution, avoid placing MPLCONFIGDIR in world-writable /tmp, and fix looping-variable bugs. Treat this package as risky until those issues are remediated.

This code is malicious: it harvests files from /opt and exfiltrates them to a remote server via a hardcoded curl POST. It should be treated as a compromise/backdoor or intentional data-exfiltration payload. Do not run; remove and investigate any packages or deployments containing this code and rotate any potentially exposed secrets.

This Python script is a Windows-only, heavily obfuscated infostealer. On launch it aborts on non-Windows hosts, then: • Fingerprints the machine (hostname, username, local/public IP via api[.]ipify[.]org, hardware IDs via registry/WMI, CPU/GPU, RAM, disk serials/usage) • Harvests Discord tokens and account metadata from the Discord desktop client plus Chromium-based browsers and Firefox, injecting JS into Discord's code to trap logins, gift codes and payments • Extracts saved passwords, cookies, browsing/download history and credit-card data from Chrome, Edge, Brave, Opera variants, Yandex, Firefox, etc. • Grabs Roblox .ROBLOSECURITY cookies and account info via browser_cookie3 and the Roblox API • Decrypts desktop crypto-wallets (MetaMask, Binance, Coinbase, Trust Wallet, Exodus, Atomic, etc.) using AES/GCM with DPAPI-unwrapped keys • Captures a full-screen screenshot and a webcam photo • Disables Task Manager via registry and poisons the Windows hosts file with hundreds of AV/security domains • Persists by copying itself into the user's Startup folder. Finally it zips all stolen data, uploads it to gofile[.]io, notifies the attacker via a hard-coded Discord webhook, and tags IPs via redtiger[.]shop. It also contains built-in JavaScript injection to further compromise the Discord desktop client and can auto-purchase Nitro via stolen payment methods.

Live on pypi for 8 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code is a command-line interface for managing and deploying apps. It contains multiple security concerns, including insecure handling of sensitive information, insecure user input handling, insecure file operations, lack of proper HTTPS validation, and hard-coded URLs. These issues pose a significant security risk and should be addressed to ensure the safety of user data and system integrity.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This script performs unconditional, irreversible deletions of files and directories under a supplied ROOTFS and selectively destroys ZFS snapshots in a supplied POOL when a custom property (`inspeere.com:source`) is present. The behavior is consistent with a sabotage tool that removes data and backup snapshots. It contains multiple safety and robustness deficiencies (no argument validation, no confirmations, unsafe iteration/quoting). Treat this script as dangerous: do not run it on production systems unless you fully understand and control inputs and have backups and change control in place.

The code exhibits multiple characteristics of malware, including data extraction and exfiltration via Discord webhooks. It poses a significant security risk due to the potential for unauthorized access to sensitive information.

The code collects and transmits sensitive system information to a specified server, which poses a security risk if the server is untrusted. The use of execSync and the transmission of data without encryption or user consent are concerning.

Live on npm for 1 day and 30 minutes before removal. Socket users were protected even while the package was live.

This file is a high-risk configuration intended to drive an automation tool that floods or triggers SMS/voice verification across many services for a supplied phone number. The fragment itself contains no executable obfuscation or secret harvesting, but its explicit purpose (SMS/call mass-triggering) is abusive and can facilitate harassment or fraud. Treat this as malicious/abusive tooling when found in a repository or package; remove or quarantine and investigate associated runner code. Do not execute unless you have explicit legal authorization and strong rate-limiting controls.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits behavior consistent with data exfiltration through DNS lookups using encoded system information. This poses a significant security risk and indicates potential malicious intent.

Live on npm for 5 hours and 16 minutes before removal. Socket users were protected even while the package was live.

The script collects information like hostname, username, home directory, and current working directory and sends it to a remote server. While the author claims it is for bug bounty purposes, this behavior can still pose a privacy risk. The script also contains a blocking operation that can cause performance issues or unresponsiveness.

This source code is confirmed malicious malware that steals sensitive user credentials and system information, exfiltrates data to a remote attacker server, and supports remote command execution and file uploads. The malware is heavily obfuscated to evade detection using string array lookups and hex indices. It enumerates browser data directories across Windows, macOS, and Linux for Chrome, Brave, Opera, Yandex, and other browsers to extract stored login credentials. On Windows, it uses DPAPI decryption to extract encrypted passwords from browser databases. The malware also targets cryptocurrency wallets including Exodus, Electrum, and Guarda to steal wallet data and seed phrases. All collected data is exfiltrated via HTTP POST requests to the attacker-controlled server at http://luckywatermelon[.]xyz:5000. Additionally, it establishes a socket.io connection to receive commands for remote system control, arbitrary file uploads, and shell command execution. The malware includes persistence mechanisms by spawning detached child processes on process signals. This represents a severe security threat combining credential theft, cryptocurrency wallet targeting, and remote access trojan capabilities.

Live on npm for 12 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This module deliberately hides an embedded Python payload using multiple obfuscation layers (hex-escaped eval(name resolution), rot13, base64) and executes it automatically at import via compile + eval(exec). That is a high-risk supply-chain pattern: it prevents static inspection and enables arbitrary runtime behavior. Do not import or run this module in any sensitive environment. Before any use, decode the payload (apply rot13 to the indicated fragments, concatenate in the correct order, base64-decode) and perform a full code review of the resulting source. If you cannot verify the decoded payload’s provenance and behavior, treat the package as malicious/untrusted.

The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.

The code is malicious as it exfiltrates sensitive system data to a remote server without authorization. This poses a significant security risk.

Live on pypi for 19 hours and 29 minutes before removal. Socket users were protected even while the package was live.

[Skill Scanner] Installation of third-party script detected The provided skill/documentation is a benign PDF processing toolkit: examples and capabilities are consistent with the stated purpose (extracting text/tables, creating/merging/splitting PDFs, OCR, watermarking, password protection). There is no evidence of network exfiltration, credential harvesting, obfuscation, or hidden backdoors in the supplied content. The main security considerations are: (1) processing untrusted PDFs can expose vulnerabilities in the underlying libraries or native CLI tools, and (2) if a developer programmatically runs the example shell commands with unsanitized inputs, there could be command injection risks. Also note the proprietary license mention (check LICENSE.txt) and missing referenced files (forms.md, reference.md) for full context. Overall, content appears consistent and non-malicious. LLM verification: The skill’s described capabilities are appropriate for PDF processing tasks. Primary security concerns are about supply-chain hygiene (unpinned OCR dependency and potential unvetted script installations). Mitigations: pin dependency versions, verify sources, and avoid auto-installation of third-party scripts in production. Overall assessment remains largely benign with important notes on dependency management to reduce risk.

This module contains high-risk behaviors: it feeds unsanitized user-supplied content into an external CAS and then eval()s the CAS output inside the Python process. That combination creates a clear remote code execution / supply-chain risk. Even though there is no explicit networking or credential theft in the file itself, an attacker able to control 'polys' or the CoCoA binary can achieve arbitrary code execution. Recommend: do not trust unvalidated 'polys' input, remove eval() usage (parse expressions safely or implement a restricted expression evaluator), validate/sanitize CAS output before execution, avoid placing MPLCONFIGDIR in world-writable /tmp, and fix looping-variable bugs. Treat this package as risky until those issues are remediated.

This code is malicious: it harvests files from /opt and exfiltrates them to a remote server via a hardcoded curl POST. It should be treated as a compromise/backdoor or intentional data-exfiltration payload. Do not run; remove and investigate any packages or deployments containing this code and rotate any potentially exposed secrets.

This Python script is a Windows-only, heavily obfuscated infostealer. On launch it aborts on non-Windows hosts, then: • Fingerprints the machine (hostname, username, local/public IP via api[.]ipify[.]org, hardware IDs via registry/WMI, CPU/GPU, RAM, disk serials/usage) • Harvests Discord tokens and account metadata from the Discord desktop client plus Chromium-based browsers and Firefox, injecting JS into Discord's code to trap logins, gift codes and payments • Extracts saved passwords, cookies, browsing/download history and credit-card data from Chrome, Edge, Brave, Opera variants, Yandex, Firefox, etc. • Grabs Roblox .ROBLOSECURITY cookies and account info via browser_cookie3 and the Roblox API • Decrypts desktop crypto-wallets (MetaMask, Binance, Coinbase, Trust Wallet, Exodus, Atomic, etc.) using AES/GCM with DPAPI-unwrapped keys • Captures a full-screen screenshot and a webcam photo • Disables Task Manager via registry and poisons the Windows hosts file with hundreds of AV/security domains • Persists by copying itself into the user's Startup folder. Finally it zips all stolen data, uploads it to gofile[.]io, notifies the attacker via a hard-coded Discord webhook, and tags IPs via redtiger[.]shop. It also contains built-in JavaScript injection to further compromise the Discord desktop client and can auto-purchase Nitro via stolen payment methods.

Live on pypi for 8 hours and 20 minutes before removal. Socket users were protected even while the package was live.

The code is a command-line interface for managing and deploying apps. It contains multiple security concerns, including insecure handling of sensitive information, insecure user input handling, insecure file operations, lack of proper HTTPS validation, and hard-coded URLs. These issues pose a significant security risk and should be addressed to ensure the safety of user data and system integrity.

The code contains potential security risks such as hard-coded file paths, subprocess.Popen usage, and the handling of untrusted data through PyArrow Plasma. It is essential to review and address these security concerns before using this code in a production environment.

This code implements an insecure, unauthenticated RPC mechanism that allows remote clients to cause arbitrary code execution and exfiltrate files/system information. Using pickle over an untrusted network and invoking methods by client-supplied names are severe supply-chain/backdoor risks. Do not deploy or reuse this code in production; it should be treated as a backdoor/untrusted remote-execution component unless wrapped with strong authentication, authorization, sandboxing, and safe serialization.

This script performs unconditional, irreversible deletions of files and directories under a supplied ROOTFS and selectively destroys ZFS snapshots in a supplied POOL when a custom property (`inspeere.com:source`) is present. The behavior is consistent with a sabotage tool that removes data and backup snapshots. It contains multiple safety and robustness deficiencies (no argument validation, no confirmations, unsafe iteration/quoting). Treat this script as dangerous: do not run it on production systems unless you fully understand and control inputs and have backups and change control in place.

The code exhibits multiple characteristics of malware, including data extraction and exfiltration via Discord webhooks. It poses a significant security risk due to the potential for unauthorized access to sensitive information.

The code collects and transmits sensitive system information to a specified server, which poses a security risk if the server is untrusted. The use of execSync and the transmission of data without encryption or user consent are concerning.

Live on npm for 1 day and 30 minutes before removal. Socket users were protected even while the package was live.

This file is a high-risk configuration intended to drive an automation tool that floods or triggers SMS/voice verification across many services for a supplied phone number. The fragment itself contains no executable obfuscation or secret harvesting, but its explicit purpose (SMS/call mass-triggering) is abusive and can facilitate harassment or fraud. Treat this as malicious/abusive tooling when found in a repository or package; remove or quarantine and investigate associated runner code. Do not execute unless you have explicit legal authorization and strong rate-limiting controls.

`lotusbail` is a malicious npm package that masquerades as a WhatsApp Web API library by forking legitimate Baileys-based code and preserving working messaging functionality. In addition to normal API behavior, it inserts a wrapper around the WhatsApp WebSocket client so that all traffic passing through the library is duplicated for collection. Reported data theft includes WhatsApp authentication tokens and session keys, full message content (sent/received and historical), contact lists (including phone numbers), and transferred media/files. The package also attempts to establish persistent unauthorized access by hijacking the WhatsApp device-linking (“pairing”) workflow using a hardcoded pairing code, effectively linking an attacker-controlled device to the victim’s account; removing the npm dependency does not automatically remove the linked device. To hinder detection, the exfiltration endpoint is hidden behind multiple obfuscation layers, collected data is encrypted (including a custom RSA implementation), and the code includes anti-debugging traps designed to disrupt analysis.

The code exhibits behavior consistent with data exfiltration through DNS lookups using encoded system information. This poses a significant security risk and indicates potential malicious intent.

Live on npm for 5 hours and 16 minutes before removal. Socket users were protected even while the package was live.

The script collects information like hostname, username, home directory, and current working directory and sends it to a remote server. While the author claims it is for bug bounty purposes, this behavior can still pose a privacy risk. The script also contains a blocking operation that can cause performance issues or unresponsiveness.

This source code is confirmed malicious malware that steals sensitive user credentials and system information, exfiltrates data to a remote attacker server, and supports remote command execution and file uploads. The malware is heavily obfuscated to evade detection using string array lookups and hex indices. It enumerates browser data directories across Windows, macOS, and Linux for Chrome, Brave, Opera, Yandex, and other browsers to extract stored login credentials. On Windows, it uses DPAPI decryption to extract encrypted passwords from browser databases. The malware also targets cryptocurrency wallets including Exodus, Electrum, and Guarda to steal wallet data and seed phrases. All collected data is exfiltrated via HTTP POST requests to the attacker-controlled server at http://luckywatermelon[.]xyz:5000. Additionally, it establishes a socket.io connection to receive commands for remote system control, arbitrary file uploads, and shell command execution. The malware includes persistence mechanisms by spawning detached child processes on process signals. This represents a severe security threat combining credential theft, cryptocurrency wallet targeting, and remote access trojan capabilities.

Live on npm for 12 hours and 33 minutes before removal. Socket users were protected even while the package was live.

This module is not overtly malicious (no encoded payloads, no external exfiltration, no reverse shell), but it contains high-risk insecure patterns: user-controlled values are directly interpolated into shell command strings and passed to node_utils.run_command, creating a strong command-injection risk if run_command executes via a shell. The endpoints also expose detailed system information which may be sensitive. Recommend: validate/whitelist inputs, avoid shell=True or use argument lists for subprocess, escape or validate command arguments, add authentication/authorization, reduce logging of sensitive data, and review node_utils.run_command implementation. Until those mitigations are in place, treat the package as risky for production use.

This module deliberately hides an embedded Python payload using multiple obfuscation layers (hex-escaped eval(name resolution), rot13, base64) and executes it automatically at import via compile + eval(exec). That is a high-risk supply-chain pattern: it prevents static inspection and enables arbitrary runtime behavior. Do not import or run this module in any sensitive environment. Before any use, decode the payload (apply rot13 to the indicated fragments, concatenate in the correct order, base64-decode) and perform a full code review of the resulting source. If you cannot verify the decoded payload’s provenance and behavior, treat the package as malicious/untrusted.

The snippet signals malicious intent (runtime/container injection/backdoor-like manipulation) but provides no actionable code. If implemented, this would present a high-severity supply-chain and runtime security risk requiring immediate scrutiny, containment, and removal from any build or deployment pipeline.

The code is malicious as it exfiltrates sensitive system data to a remote server without authorization. This poses a significant security risk.

Live on pypi for 19 hours and 29 minutes before removal. Socket users were protected even while the package was live.