ltcai@3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
// Source control / registries
Pattern: reads-pypirc
Packages that read .pypirc or TWINE_PASSWORD environment variables. Direct path to PyPI account takeover and downstream malicious version publishing.
3 packages match this pattern (5 publish events in total, grouped by publisher+name). Newest first.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
EPyT: An EPANET-Python Toolkit for Smart Water Network Simulations. The EPyT is inspired by the EPANET-Matlab Toolkit.
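→ Credential read (reads-pypirc) combined with the external destination http-to-public-ip: a typical exfiltration pattern.
→ The static analyzer detected the curl-pipe-bash pattern: a remote code execution shape is plainly exposed in the install path.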
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.