// System reconnaissance

Static pattern: reads-shell-history

패턴: reads-shell-history

Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.

3개 패키지에 이 패턴이 매칭됨. 최신순.

• AUTO-PUBLISHED/pypi/12h ago

  pipeline-check@1.1.0

  by Daniel Martin

  CI/CD Security Posture Scanner — scores AWS, Terraform, CloudFormation, GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines, Jenkins, CircleCI, Google Cloud Build, Buildkite, Drone CI, Tekton, Argo Workflows, Dockerfile, Kubernetes manifests, Helm charts, OCI image manifests, SCM repo posture (GitHub / GitLab / Bitbucket), npm and pypi dependency files against OWASP Top 10 CI/CD Risks and 14 other compliance frameworks

  steals →npm tokenGitHub PATGitLab PATAI API keys

  py-pip-install-runtimereads-github-tokensreads-gitlab-tokens
• AUTO-PUBLISHED/npm/12h ago

  env-security-scanner@1.6.0

  by ddjidd5640

  MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.

  steals →Seed phraseAWS keys→ sends tohttps://webhook.site/f684d33e-7d78-49cb-8798-49952a0a3036

  reads-aws-credsreads-seed-phrasereads-homedirreads-shell-historyreads-system-info
• AUTO-PUBLISHED/npm/2022-03-02/MAL-2026-3872

  @antv/dipper-map@1.0.10

  by yanxiong

  在线 Demo 地址: https://antv.vision/DipperMap/demo

  install-path-npm-publishreads-env-varsreads-shell-historyreads-system-infochild-process-spawn

  → 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s), 1 other host(s).

  weekly

  —

  /wk

  llm verdict

  benign 0.85