Packages that read GitHub personal access tokens (ghp_*), GH_TOKEN environment variables, or the gh CLI config. Used to chain into source-code theft and downstream supply-chain attacks.
21 packages flagged with this pattern (73 total publish events, collapsed by publisher+name). Newest first.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly: — /wk · llm verdict: malicious 0.96 · h-score: 52 · patterns: 34 · size: 35.0 MB · versions: 292
AUTO-PUBLISHED/kitchen-sink · 9/npm/
claws-code@0.8.6
by neunaha
Claws — Terminal Control Bridge for VS Code. One command to install.
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
weekly: — /wk · llm verdict: malicious 0.96 · h-score: 55 · patterns: 16 · size: 13.6 MB · versions: 6
AUTO-PUBLISHED/npm/
@actagent/acpx@2026.6.2
by nidaye0525
ACTAgent ACP runtime backend with plugin-owned session and transport management.