ltcai3 versions·2.2.2→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// Suspicious network destinations
패턴: public-github-push
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
40개 패키지+에 이 패턴이 매칭됨 (총 publish 이벤트 100건을 publisher+name 기준으로 묶음). 최신순.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-gitlab-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ 정적 분석기가 reverse-shell 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
SPCSN Taro runtime API entry
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
RTExit - AI-assisted Red Team methodology installer
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Switchboard plugin for the PROOF command line interface.
Node.js in your browser. Just like that.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
cue — Agent Profile Manager for Claude Code & Codex. Pick a profile, launch with the right skills, MCPs, and plugins.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Node.js in your browser. Just like that.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ 크리덴셜 읽기 (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
AdminForth completion adapter for the OpenAI Responses API.
Consentmo cookie banner and Web Accessibility widget integration for Hydrogen storefronts.
Typed async workflows with automatic error inference. Build type-safe workflows with Result types, step caching, resume state, and human-in-the-loop support.
Unified LLM API with automatic model discovery and provider configuration
Coding agent CLI with read, bash, edit, write tools and session management
Unified MCP pipeline for recommend-page filtering and screening on Boss Zhipin
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.
→ 크리덴셜 읽기 (reads-npmrc, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
AdiaUI A2UI training corpus — canonical v0.9 catalog + chunks + eval fixtures + feedback + gap registry. Consumed by the compose engine's retrieval layer + the MCP pipeline.
Types for Microsoft Graph objects
JavaScript library of crypto standards.
A comprehensive list of all free email domain providers
Bit-level JSON encoder + delta-chain protocol (weavepack-json reference implementation). Smaller than MessagePack/CBOR for structured/repetitive JSON; ships per-payload-addressable chains for storing edit histories.
APX — unified CLI + daemon for the Agent Project Context (APC) standard.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
toggle rules in .putout.json
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
Desktop notifications for Claude Code, OpenAI Codex, and Gemini CLI
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
CLI и AI-агент городского округа Йошкар-Ола.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Nodmix, the Supreme CEO Founder AI Agent. A large language model created and developed by Mehdi Faraj.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 pastebin-domain 조합 — 전형적인 유출 패턴.
Shared MetaMask agent skills installer and sync CLI.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Personal AI assistant powered by Antigravity, AI-E, Claude, Claude E, Codex, Codex App, Cursor, Gemini, Grok, OpenCode, and Copilot — Web, Terminal, Telegram, and Discord interfaces with 107 built-in skills
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Local developer toolchain for TIB Domain Module projects. Provides build, validate, test, and dev subcommands.
Multi-provider LLM client with rate limiting, token tracking, structured outputs, and continuation handling
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
A modified version of the Pokémon Showdown server, designed for PokeBedrock.
→ 크리덴셜 읽기 (reads-azure-creds) + 외부 전송지 pastebin-domain 조합 — 전형적인 유출 패턴.
Semver-oriented TypeScript library skeleton.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.