zudoku-security-helper@99.0.0
Security helper for Zudoku
→ Credential read (reads-aws-creds, reads-npmrc, reads-github-tokens) paired with dest-via-hostname-var destination — classic exfiltration signature.
// Cloud credentials
pattern: reads-aws-creds
Packages that read AWS access keys, session tokens, or the ~/.aws/credentials file. The most common cloud-credential theft pattern in the npm and PyPI supply-chain ecosystem.
24 packages flagged with this pattern (36 total publish events, collapsed by publisher+name). Newest first.
Security helper for Zudoku
→ Credential read (reads-aws-creds, reads-npmrc, reads-github-tokens) paired with dest-via-hostname-var destination — classic exfiltration signature.
Local-first, BYOK multi-host ops + SEO control plane — scan, diagnose and fix across 12 hosts from your own machine.
→ Credential read (reads-github-tokens, reads-gitlab-tokens, reads-gcp-creds, reads-aws-creds, reads-ai-api-keys) paired with dest-via-hostname-var destination — classic exfiltration signature.
SMS Phone Verification API using AWS SNS HTTP API with Hono server on Cloudflare Workers
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.
ACTAgent Amazon Bedrock provider plugin with model discovery, embeddings, and guardrail support.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ Credential read (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) paired with webhook-bin destination — classic exfiltration signature.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential read (reads-aws-creds) paired with http-to-public-ip destination — classic exfiltration signature.
Harper is an open-source Node.js performance platform that unifies database, cache, application, and messaging layers into one in-memory process.
→ Credential read (reads-aws-creds) paired with http-to-public-ip destination — classic exfiltration signature.
Unified LLM API with automatic model discovery and provider configuration
Service to communicate with AWS LEX for :mega: stentor
Worker-based trigger for Blok workflows - supports background job processing with concurrency, retries, and scheduling
→ Credential read (reads-aws-creds) paired with webhook-bin destination — classic exfiltration signature.
Pub/Sub trigger for Blok workflows — supports NATS (Core + JetStream), Redis Streams, Kafka, GCP Pub/Sub, AWS SNS+SQS, and Azure Service Bus.
→ Credential read (reads-aws-creds, reads-gcp-creds) paired with webhook-bin destination — classic exfiltration signature.
SECURITY RESEARCH - Dependency Confusion PoC - Red Bull Bug Bounty
→ Credential read (reads-aws-creds) paired with webhook-bin destination — classic exfiltration signature.
Interface utility for performance monitoring and diagnostic reporting.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
Collection of tools to reconcile services with their desired state as defined in the app-interface DB.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).
EPL - English Programming Language: write code in plain English. Build apps, web servers, and more.
→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 2 other host(s).
Predeploy security scanner for the agent economy. 80+ vulnerability patterns. Runs locally, code never leaves your machine.
→ No suspicious destination, no remote-exec shape — 1 other host(s).
<p align="center"> <img src="docs/images/logo-horizontal.jpg" alt="Claude Code Haha" width="480"> </p>
→ No suspicious destination, no remote-exec shape — 1 other host(s).
→ Hardcoded public IP destination: 80.200.28.28 (not RFC1918 / loopback).
Production-grade TypeScript backend framework for JavaScript
MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.
→ Sends to suspicious destination(s): webhook.site.
→ Credential read (reads-aws-creds, reads-npmrc) paired with http-to-public-ip destination — classic exfiltration signature.