ltcai@3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ Static analyzer detected the curl-pipe-bash pattern: a remote code execution shape is plainly exposed in the install path.
// Source control / registries
Pattern: reads-npmrc
Packages that read .npmrc files or _authToken environment variables. The signature pattern for npm registry credential theft — directly enables further malicious publishes under the victim's account.
This pattern matched 29+ packages (100 publish events in total, grouped by publisher+name). Newest first.
Security helper for Zudoku
→ Credential reads (reads-aws-creds, reads-npmrc, reads-github-tokens) combined with external destination dest-via-hostname-var: a typical exfiltration pattern.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.
ACTAgent ACP runtime backend with plugin-owned session and transport management.
Node.js integration layer for Autodesk Forge
Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.
→ Credential reads (reads-npmrc, reads-ai-api-keys) combined with external destination dest-via-hostname-var: a typical exfiltration pattern.
The `@trackunit/iris-app` package is a plugin for [NX by @nrwl](https://nx.dev/). This plugin adds some helpful generators used to set up a Trackunit Iris App project.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
HTTP API server for ottocode
This template should help get you started developing with Vue 3 in Vite.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Local developer toolchain for TIB Domain Module projects. Provides build, validate, test, and dev subcommands.
JS SDK powering the August Digital ecosystem.
Pipedream Faunadb Components
→ No suspicious destination, no remote execution shape: 1 known-vendor host(s), 1 other host(s).
Interface utility for performance monitoring and diagnostic reporting.
→ No suspicious destination, no remote execution shape: 1 known-vendor host(s).
This package contains the CLI tool `cldk` used to create app integrations.
→ No suspicious destination, no remote execution shape: 1 other host(s).
Claude Code Haha
→ No suspicious destination, no remote execution shape: 1 other host(s).
Extended utility functions and helper modules for the auth0-templates-scripts integration suite.
→ No suspicious destination, no remote execution shape: 1 known-vendor host(s).
→ Hardcoded public IP destination: 80.200.28.28 (not RFC1918 or loopback).
Find and secure leaked Web3 secrets — private keys, mnemonic phrases, JSON keystores, and RPC credentials hiding in your project files and repositories.
→ Credential reads (reads-seed-phrase, reads-npmrc, reads-wallet-files) combined with external destination webhook-bin: a typical exfiltration pattern.
Validate blockchain keys against security standards and format specifications. Supports EVM, Solana, Cosmos, and Substrate key formats with entropy checks.
→ Credential reads (reads-npmrc, reads-wallet-files, reads-seed-phrase) combined with external destination webhook-bin: a typical exfiltration pattern.
Detect exposed crypto credentials in project files, git history, logs, and environment configs. Helps prevent private key leaks from reaching production.
→ Credential reads (reads-seed-phrase, reads-npmrc, reads-wallet-files) combined with external destination webhook-bin: a typical exfiltration pattern.
Verify wallet safety against known compromise databases. Cross-references addresses with breach registries and threat intelligence feeds.
→ Credential reads (reads-npmrc, reads-wallet-files, reads-seed-phrase) combined with external destination webhook-bin: a typical exfiltration pattern.
Pre-deployment security checks for Solidity contracts. Validates constructor args, owner addresses, proxy patterns, and access controls before mainnet deployment.
→ Credential reads (reads-npmrc, reads-wallet-files, reads-seed-phrase) combined with external destination webhook-bin: a typical exfiltration pattern.
Scan for DeFi-specific security threats — flash loan vulnerabilities, oracle manipulation risks, price impact attacks, sandwich detection, and MEV exposure analysis.
→ Credential reads (reads-seed-phrase, reads-npmrc, reads-wallet-files) combined with external destination webhook-bin: a typical exfiltration pattern.
Verify mnemonic phrases haven't been compromised. Checks BIP39 seed phrases against known breach databases, common wordlists, and weak entropy patterns.
→ Credential reads (reads-seed-phrase, reads-npmrc, reads-wallet-files) combined with external destination webhook-bin: a typical exfiltration pattern.
Audit deployment keys before mainnet launch. Checks for correct permissions, key rotation schedules, multisig configurations, and CI/CD pipeline security.
→ Credential reads (reads-npmrc, reads-wallet-files, reads-seed-phrase) combined with external destination webhook-bin: a typical exfiltration pattern.
Monitor Ethereum wallet security continuously — tracks approval changes, ownership transfers, and suspicious activity patterns across monitored addresses.
→ Credential reads (reads-npmrc, reads-wallet-files, reads-seed-phrase) combined with external destination webhook-bin: a typical exfiltration pattern.
Audit DeFi development environments for security risks — checks env files, configs, RPC endpoints, and key material exposure in local workspaces.
→ Credential reads (reads-npmrc, reads-wallet-files, reads-seed-phrase) combined with external destination webhook-bin: a typical exfiltration pattern.