ltcai · 12 versions · 0.1.29 → 3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ Static analyzer detected the curl-pipe-bash pattern: a remote-code-execution shape is plainly visible in the install path.
// Code execution / obfuscation
Pattern: eval-dynamic
Packages calling eval() at runtime — typically with content sourced from an env variable, base64-decoded literal, or HTTP response. Used to hide the actual payload from static review.
This pattern matched 34 packages (75 publish events in total, grouped by publisher+name). Newest first.
a domain ssl cert admin
→ Encoded payload + dynamic execution combo (event-stream / flatmap-stream shape) — embedded blob decoded and executed at install time. Fast-tracked.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Node.js in your browser. Just like that.
→ Credential read (reads-ai-api-keys) combined with external destination http-to-public-ip: a typical exfiltration pattern.
Node.js in your browser. Just like that.
→ Credential read (reads-ai-api-keys) combined with external destination http-to-public-ip: a typical exfiltration pattern.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ Credential read (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) combined with external destination webhook-bin: a typical exfiltration pattern.
Coding agent CLI with read, bash, edit, write tools and session management
→ No suspicious destination, no remote-execution shape; 1 other host(s).
`cwao-units` runs [AO compatible units](https://ao.arweave.dev/#/spec) for CosmWasm.
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
A Python package for Azure Genome.
The forge that forges itself — self-writing meta-extension for OpenClaw
→ Credential read (reads-ai-api-keys) combined with external destination webhook-bin: a typical exfiltration pattern.
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
CLI and AI agent of the Yoshkar-Ola urban district.
→ Credential read (reads-ai-api-keys) combined with external destination dest-via-hostname-var: a typical exfiltration pattern.
Real-time music generation models.
A modified version of the Pokémon Showdown server, designed for PokeBedrock.
→ Credential read (reads-azure-creds) combined with external destination pastebin-domain: a typical exfiltration pattern.
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
tbank utilities
→ No suspicious destination, no remote-execution shape; 1 other host(s).
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
Module for Quick Calculations
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s), 1 other host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s), 2 other host(s).
Predeploy security scanner for the agent economy. 80+ vulnerability patterns. Runs locally, code never leaves your machine.
→ No suspicious destination, no remote-execution shape; 1 other host(s).
Loads environment variables from .env file
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
A lightweight React utility package that provides browser-safe polyfills, UI compatibility helpers, and runtime shims for modern React applications.
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
Jsonify the structure and output chalk string
→ No suspicious destination, no remote-execution shape; 1 other host(s).
AI coding agent powered by open-source models (Ollama/vLLM) — interactive TUI with agentic tool-calling loop
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
AI coding agent powered by open-source models (Ollama/vLLM) — interactive TUI with agentic tool-calling loop
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).
A powerful library for interacting with the Discord API
→ No suspicious destination, no remote-execution shape; 1 known-vendor host(s).