zudoku-security-helper@99.0.0
Security helper for Zudoku
→ Credential reads (reads-aws-creds, reads-npmrc, reads-github-tokens) combined with external destination dest-via-hostname-var: a typical exfiltration pattern.
// Cloud credentials
Pattern: reads-aws-creds
Packages that read AWS access keys, session tokens, or the ~/.aws/credentials file. The most common cloud-credential theft pattern in the npm and PyPI supply-chain ecosystem.
24 packages match this pattern (36 publish events in total, grouped by publisher+name). Newest first.
Security helper for Zudoku
→ Credential reads (reads-aws-creds, reads-npmrc, reads-github-tokens) combined with external destination dest-via-hostname-var: a typical exfiltration pattern.
Local-first, BYOK multi-host ops + SEO control plane — scan, diagnose and fix across 12 hosts from your own machine.
→ Credential reads (reads-github-tokens, reads-gitlab-tokens, reads-gcp-creds, reads-aws-creds, reads-ai-api-keys) combined with external destination dest-via-hostname-var: a typical exfiltration pattern.
SMS Phone Verification API using AWS SNS HTTP API with Hono server on Cloudflare Workers
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.
ACTAgent Amazon Bedrock provider plugin with model discovery, embeddings, and guardrail support.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ Credential reads (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) combined with external destination webhook-bin: a typical exfiltration pattern.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential reads (reads-aws-creds) combined with external destination http-to-public-ip: a typical exfiltration pattern.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential reads (reads-aws-creds) combined with external destination http-to-public-ip: a typical exfiltration pattern.
Unified LLM API with automatic model discovery and provider configuration
Service to communicate with AWS LEX for :mega: stentor
Worker-based trigger for Blok workflows - supports background job processing with concurrency, retries, and scheduling
→ Credential reads (reads-aws-creds) combined with external destination webhook-bin: a typical exfiltration pattern.
Pub/Sub trigger for Blok workflows — supports NATS (Core + JetStream), Redis Streams, Kafka, GCP Pub/Sub, AWS SNS+SQS, and Azure Service Bus.
→ Credential reads (reads-aws-creds, reads-gcp-creds) combined with external destination webhook-bin: a typical exfiltration pattern.
SECURITY RESEARCH - Dependency Confusion PoC - Red Bull Bug Bounty
→ Credential reads (reads-aws-creds) combined with external destination webhook-bin: a typical exfiltration pattern.
Interface utility for performance monitoring and diagnostic reporting.
→ No suspicious destinations, no remote-execution shape; 1 known-vendor host(s).
Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
→ No suspicious destinations, no remote-execution shape; 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destinations, no remote-execution shape; 1 known-vendor host(s), 2 other host(s).
Predeploy security scanner for the agent economy. 80+ vulnerability patterns. Runs locally, code never leaves your machine.
→ No suspicious destinations, no remote-execution shape; 1 other host(s).
Claude Code Haha
→ No suspicious destinations, no remote-execution shape; 1 other host(s).
→ Hardcoded public IP destination: 80.200.28.28 (not RFC1918 or loopback).
Production-grade TypeScript backend framework for JavaScript
MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.
→ Sends to a suspicious destination: webhook.site.