AI / LLM API key theft — 1 caught | Cremit · NHI Credential Stealer Index
// AI tooling
AI / LLM API key theft
pattern: reads-ai-api-keys
Packages that read OPENAI_API_KEY, ANTHROPIC_API_KEY, GROQ_API_KEY or other LLM-vendor environment variables. Increasingly common as AI tooling becomes ambient in developer workflows.
27 packages+ flagged with this pattern (100 total publish events, collapsed by publisher+name). Newest first.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
52
patterns
34
size
35.0 MB
versions
292
AUTO-PUBLISHED/kitchen-sink · 9/npm/
claws-code@0.8.6
by neunaha
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly
—
/wk
llm verdict
malicious 0.96
h-score
55
patterns
16
size
13.6 MB
versions
6
AUTO-PUBLISHED/npm/
@jacob-ebey/almostnode@0.4.0
by jacob-ebey
Node.js in your browser. Just like that.
steals →AI API keysChromium logins→ sends tohttps://github.com/macaly/almostnode.git
Personal AI assistant powered by Antigravity, AI-E, Claude, Claude E, Codex, Codex App, Cursor, Gemini, Grok, OpenCode, and Copilot — Web, Terminal, Telegram, and Discord interfaces with 107 built-in skills
steals →AI API keys1PasswordTelegram→ sends tohttps://github.com/lidge-jun/cli-jaw.git