ltcai@3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
// Data staging
pattern: fs-recursive-read
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
16 packages flagged with this pattern (31 total publish events, collapsed by publisher+name). Newest first.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
Open-source coding-agent CLI. Terminal-first, multi-agent, self-improving. Supports OpenAI, Anthropic, Gemini, Ollama, and 13 more providers.
→ Static analyzer matched reverse-shell: unambiguous remote-code-execution shape in the install path.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
cue — Agent Profile Manager for Claude Code & Codex. Pick a profile, launch with the right skills, MCPs, and plugins.
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ Credential read (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) paired with webhook-bin destination — classic exfiltration signature.
logging step
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
APX — unified CLI + daemon for the Agent Project Context (APC) standard.
→ Credential read (reads-ai-api-keys) paired with dest-via-hostname-var destination — classic exfiltration signature.
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
EPyT: An EPANET-Python Toolkit for Smart Water Network Simulations. The EPyT is inspired by the EPANET-Matlab Toolkit.
→ Credential read (reads-pypirc) paired with http-to-public-ip destination — classic exfiltration signature.
A professional full-stack YouTube Downloader powered by yt-dlp.
→ Credential read (reads-apple-cloudkit) paired with http-to-public-ip destination — classic exfiltration signature.
Local developer toolchain for TIB Domain Module projects. Provides build, validate, test, and dev subcommands.
Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 2 other host(s).
Claude Code Haha
→ No suspicious destination, no remote-exec shape — 1 other host(s).
AI Agent CLI — native function calling · GEMINI.md context · extensions
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Production-grade TypeScript backend framework for JavaScript