purpclaw5 versions·0.1.0→0.1.4
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ 정적 분석기가 reverse-shell 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// Source control / registries
패턴: reads-ssh-keys
Packages that read ~/.ssh/id_rsa, id_ed25519, authorized_keys, or known_hosts. Used to enable lateral movement to git remotes and SSH-accessible production systems.
9개 패키지에 이 패턴이 매칭됨 (총 publish 이벤트 19건을 publisher+name 기준으로 묶음). 최신순.
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ 정적 분석기가 reverse-shell 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
Shared rootfs contract parsing, reference profile assets, and build helpers.
Node and GitHub Actions adapters for shared Aleph tooling.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Switchboard plugin for the PROOF command line interface.
Interface utility for performance monitoring and diagnostic reporting.
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
<p align="center"> <img src="docs/images/logo-horizontal.jpg" alt="Claude Code Haha" width="480"> </p>
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 other host(s).
→ 하드코딩된 public IP 전송지: 80.200.28.28 (RFC1918·loopback 아님).
Manager
→ 크리덴셜 읽기 (reads-ssh-keys) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.