ltcai4 versions·2.0.0→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// System reconnaissance
패턴: reads-homedir
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
38개 패키지+에 이 패턴이 매칭됨 (총 publish 이벤트 100건을 publisher+name 기준으로 묶음). 최신순.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Security helper for Zudoku
→ 크리덴셜 읽기 (reads-aws-creds, reads-npmrc, reads-github-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-gitlab-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ 정적 분석기가 reverse-shell 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
AgenticMail Enterprise — cloud-hosted AI agent identity, email, auth & compliance for organizations
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
ACTAgent ACP runtime backend with plugin-owned session and transport management.
cue — Agent Profile Manager for Claude Code & Codex. Pick a profile, launch with the right skills, MCPs, and plugins.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ 크리덴셜 읽기 (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
The cli specific package
Node.js integration layer for Autodesk Forge
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Project subsystem bootstrapper CLI
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Coding agent CLI with read, bash, edit, write tools and session management
Pi agent extension for LiteLLM proxy auto-discovery and model configuration
Unified LLM API with automatic model discovery and provider configuration
Coding agent CLI with read, bash, edit, write tools and session management
Unified MCP pipeline for recommend-page filtering and screening on Boss Zhipin
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.
→ 크리덴셜 읽기 (reads-npmrc, reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
APX — unified CLI + daemon for the Agent Project Context (APC) standard.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
A Python package for Azure Genome.
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
Desktop notifications for Claude Code, OpenAI Codex, and Gemini CLI
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
CLI и AI-агент городского округа Йошкар-Ола.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.
Nodmix, the Supreme CEO Founder AI Agent. A large language model created and developed by Mehdi Faraj.
→ 크리덴셜 읽기 (reads-ai-api-keys) + 외부 전송지 pastebin-domain 조합 — 전형적인 유출 패턴.
Personal AI assistant powered by Antigravity, AI-E, Claude, Claude E, Codex, Codex App, Cursor, Gemini, Grok, OpenCode, and Copilot — Web, Terminal, Telegram, and Discord interfaces with 107 built-in skills
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ 크리덴셜 읽기 (reads-apple-cloudkit) + 외부 전송지 http-to-public-ip 조합 — 전형적인 유출 패턴.
Advanced email sender
SECURITY RESEARCH - Dependency Confusion PoC - Red Bull Bug Bounty
→ 크리덴셜 읽기 (reads-aws-creds) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Real-time music generation models.
VulnSweep CLI - npm vulnerability scanner
→ 크리덴셜 읽기 (reads-github-tokens) + 외부 전송지 dest-via-hostname-var 조합 — 전형적인 유출 패턴.