ltcai12 versions·0.1.29→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// Data staging
패턴: clipboard-access
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
43개 패키지에 이 패턴이 매칭됨 (총 publish 이벤트 84건을 publisher+name 기준으로 묶음). 최신순.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-gitlab-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ 정적 분석기가 reverse-shell 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
A set of disposable email domains
SPCSN Taro runtime API entry
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ 크리덴셜 읽기 (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Node.js integration layer for Autodesk Forge
Coding agent CLI with read, bash, edit, write tools and session management
Coding agent CLI with read, bash, edit, write tools and session management
AdiaUI A2UI training corpus — canonical v0.9 catalog + chunks + eval fixtures + feedback + gap registry. Consumed by the compose engine's retrieval layer + the MCP pipeline.
Types for Microsoft Graph objects
A comprehensive list of all free email domain providers
APX — unified CLI + daemon for the Agent Project Context (APC) standard.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
This template should help get you started developing with Vue 3 in Vite.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Personal AI assistant powered by Antigravity, AI-E, Claude, Claude E, Codex, Codex App, Cursor, Gemini, Grok, OpenCode, and Copilot — Web, Terminal, Telegram, and Discord interfaces with 107 built-in skills
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ 크리덴셜 읽기 (reads-apple-cloudkit) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
QAECY UI Web Components
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
The Bold Reports by Syncfusion controls for JavaScript contains ReportViewer and ReportDesigner HTML5 and JavaScript reporting controls for enterprise web development
→ 크리덴셜 읽기 (reads-azure-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Quasarr connects JDownloader with Radarr, Sonarr and Magazarr. It also decrypts links protected by CAPTCHAs.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Terminal changelog logger utilities
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 2 other host(s).
Terminal logger utilities
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Circle-to-Search for desktop — draw a circle on your screen to instantly search Google Lens, get AI answers, and translate text. Powered by Tesseract OCR and Groq AI.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
<p align="center"> <img src="docs/images/logo-horizontal.jpg" alt="Claude Code Haha" width="480"> </p>
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
TouchVue Chat Component Library
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
A fast, type-oriented database — strong consistency and rich indexing at the core, with sync, vector embeddings, full-text search, and AI tooling built in. Designed for the AI era.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
UI component catalog for serve.zone
→ 하드코딩된 public IP 전송지: 203.0.113.50, 203.0.113.10, 203.0.113.11 (RFC1918·loopback 아님).
[English (US)](README.md) | 简体中文
→ 의심 전송지 없음, 원격 실행 형태 없음 — 15 known-vendor host(s).
## Getting Started
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
JavaScript diagramming library that uses SVG and HTML for rendering
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
clipboard plugin for X6
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).
T8 is a text visualization solution for unstructured data within the AntV technology stack, and it is a declarative T8 markdown syntax that can be used to describe the content of data interpretation reports.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
effective spreadsheet render core lib
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).
React component of interactive narrative text
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Geographic data editing tool based on L7
A G6VP asset for X-lab.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).
G6VP 高级资产包
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Select a one-, two-dimensional or irregular region using the mouse.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).