ltcai12 versions·0.1.29→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// Data staging
패턴: archive-then-upload
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
34개 패키지에 이 패턴이 매칭됨 (총 publish 이벤트 69건을 publisher+name 기준으로 묶음). 최신순.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
A set of disposable email domains
SPCSN Taro runtime API entry
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
RTExit - AI-assisted Red Team methodology installer
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
JishuShell — Raspberry Pi server management panel (Core + Web UI)
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Coding agent CLI with read, bash, edit, write tools and session management
Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.
→ 크리덴셜 읽기 (reads-npmrc, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Engineering discipline and workflow guardrails for AI coding agents (Claude, Cursor, Codex, Gemini).
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
AdiaUI A2UI training corpus — canonical v0.9 catalog + chunks + eval fixtures + feedback + gap registry. Consumed by the compose engine's retrieval layer + the MCP pipeline.
A comprehensive list of all free email domain providers
A Python package for Azure Genome.
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
Nodmix, the Supreme CEO Founder AI Agent. A large language model created and developed by Mehdi Faraj.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 pastebin-domain 조합 — 전형적인 유출 패턴.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ 크리덴셜 읽기 (reads-apple-cloudkit) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Local developer toolchain for TIB Domain Module projects. Provides build, validate, test, and dev subcommands.
Advanced email sender
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
This package contains the CLI tool `cldk` used to create app integrations.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
a package for parse html to noteinfo
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 2 other host(s).
list of contributors in vestibule ORG
→ 의심 전송지 없음, 원격 실행 형태 없음 — 2 known-vendor host(s).
Multi-platform stream ingestion and transcript extraction MCP server
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
Benjamin CLI Generator
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
UI component catalog for serve.zone
→ 하드코딩된 public IP 전송지: 203.0.113.50, 203.0.113.10, 203.0.113.11 (RFC1918·loopback 아님).
通达信 TCP 协议行情数据客户端,支持在线行情与离线本地数据读取
→ 하드코딩된 public IP 전송지: 180.153.18.170, 124.71.187.122, 180.153.18.171, 180.153.18.172, 119.147.212.81, 115.238.56.198, 115.238.90.165, 218.75.126.9, 47.107.75.159, 59.175.238.38, 110.41.147.114, 110.41.2.72, 101.33.225.16, 175.178.112.197, 175.178.128.227, 43.139.95.83, 124.223.163.242, 122.51.120.217, 150.158.160.2, 123.60.164.122, 111.229.247.189, 124.70.199.56, 62.234.50.143, 81.70.151.186, 82.156.214.79, 159.75.29.111, 43.139.18.171, 81.71.32.47, 122.51.232.182, 118.25.98.114, 121.36.225.169, 123.60.70.228, 123.60.73.44, 124.70.133.119, 124.71.187.72, 119.97.185.59, 129.204.230.128, 101.42.240.54, 124.71.9.153, 123.60.84.66, 111.230.186.52, 101.0.0.43 (RFC1918·loopback 아님).
A Durable Task Client SDK for Python
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Openclaw 中文版 - WhatsApp gateway CLI (Baileys web) with Pi RPC agent
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).