ltcai6 versions·1.6.0→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// AI tooling
패턴: reads-ai-api-keys
Packages that read OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY or other LLM-vendor environment variables. Increasingly common as AI tooling becomes ambient in developer workflows.
27개 패키지+에 이 패턴이 매칭됨 (총 publish 이벤트 100건을 publisher+name 기준으로 묶음). 최신순.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-gitlab-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Github action for the Infer CLI
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ 정적 분석기가 reverse-shell 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
F5 Distributed Cloud branded Starlight documentation theme
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Local-first, BYOK multi-host ops + SEO control plane — scan, diagnose and fix across 12 hosts from your own machine.
→ 크리덴셜 읽기 (reads-github-tokens, reads-gitlab-tokens, reads-gcp-creds, reads-aws-creds, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Node.js in your browser. Just like that.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
ACTAgent ACP runtime backend with plugin-owned session and transport management.
Node.js in your browser. Just like that.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ 크리덴셜 읽기 (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Coding agent CLI with read, bash, edit, write tools and session management
AdminForth completion adapter for the OpenAI Responses API.
Unified LLM API with automatic model discovery and provider configuration
Coding agent CLI with read, bash, edit, write tools and session management
Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.
→ 크리덴셜 읽기 (reads-npmrc, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
logging step
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
APX — unified CLI + daemon for the Agent Project Context (APC) standard.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
The forge that forges itself — self-writing meta-extension for OpenClaw
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
CLI и AI-агент городского округа Йошкар-Ола.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Nodmix, the Supreme CEO Founder AI Agent. A large language model created and developed by Mehdi Faraj.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 pastebin-domain 조합 — 전형적인 유출 패턴.
Personal AI assistant powered by Antigravity, AI-E, Claude, Claude E, Codex, Codex App, Cursor, Gemini, Grok, OpenCode, and Copilot — Web, Terminal, Telegram, and Discord interfaces with 107 built-in skills
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Multi-provider LLM client with rate limiting, token tracking, structured outputs, and continuation handling
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Real-time music generation models.
Static COBOL analyzer: syntax check, dead code detection, feature extraction, SLA performance prediction, and Validate & Push gate.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.