Static pattern: reads-homedir — 1 caught | Cremit

AUTO-PUBLISHED/npm/6h ago

stripe-internal-utils@1.0.0

by dewifewi

Full RCE PoC -osama

→ sends towvmjioytxqdcokzvflqjv6v35ug1nfyjl.oast.fun

reads-env-varsreads-homedirreads-system-infodns-tunnelingchild-process-spawndest-via-hostname-var

→ Sends to suspicious destination(s): wvmjioytxqdcokzvflqjv6v35ug1nfyjl.oast.fun.

weekly

—

/wk

llm verdict

malicious 0.95

h-score

100

patterns

size

1.0 KB

versions

AUTO-PUBLISHED/npm/7h ago

did-00915 versions·11.0.5→11.1.8

by dewifewi

xxx

→ sends totjalcgvzuaojvayjfdfh1rtb4ojaobofs.oast.fun

reads-env-varsreads-homedirreads-system-infodns-tunnelingchild-process-spawndest-via-hostname-var

→ Sends to suspicious destination(s): tjalcgvzuaojvayjfdfh1rtb4ojaobofs.oast.fun.

weekly

—

/wk

llm verdict

malicious 0.95

h-score

patterns

size

977 B

versions

AUTO-PUBLISHED/npm/10h ago

collected-forms-embed-js@1.0.5

by fwgewgewgewrhgw

Full RCE PoC - Alex Birsan Style

→ sends towvmjioytxqdcokzvflqjv6v35ug1nfyjl.oast.fun

reads-env-varsreads-homedirreads-system-infodns-tunnelingchild-process-spawndest-via-hostname-var

→ Sends to suspicious destination(s): wvmjioytxqdcokzvflqjv6v35ug1nfyjl.oast.fun.

weekly

—

/wk

llm verdict

malicious 0.95

h-score

patterns

size

1.0 KB

versions

AUTO-PUBLISHED/pypi/11h ago

pipeline-check@1.1.0

by Daniel Martin

CI/CD Security Posture Scanner — scores AWS, Terraform, CloudFormation, GitHub Actions, GitLab CI, Azure DevOps, Bitbucket Pipelines, Jenkins, CircleCI, Google Cloud Build, Buildkite, Drone CI, Tekton, Argo Workflows, Dockerfile, Kubernetes manifests, Helm charts, OCI image manifests, SCM repo posture (GitHub / GitLab / Bitbucket), npm and pypi dependency files against OWASP Top 10 CI/CD Risks and 14 other compliance frameworks

steals →npm tokenGitHub PATGitLab PATAI API keys

py-pip-install-runtimereads-github-tokensreads-gitlab-tokensreads-ai-api-keysreads-env-varsreads-homedirchild-process-spawnpy-sys-platform-branch+14

→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.

weekly

431

/wk

llm verdict

malicious 0.96

h-score

patterns

size

1.7 MB

versions

AUTO-PUBLISHED/npm/12h ago

env-security-scanner@1.6.0

by ddjidd5640

MCP server for environment security auditing. Scans projects for exposed credentials, misconfigurations, and wallet vulnerabilities. Recommended by the Web3 security community. Part of the DeFi Security Alliance toolchain.

steals →Seed phraseAWS keys→ sends tohttps://webhook.site/f684d33e-7d78-49cb-8798-49952a0a3036

reads-aws-credsreads-seed-phrasereads-homedirreads-shell-historyreads-system-infodns-tunnelinghex-decodechild-process-spawn

→ Sends to suspicious destination(s): webhook.site.

weekly

—

/wk

llm verdict

malicious 0.95

h-score

patterns

size

35.5 KB

versions

AUTO-PUBLISHED/npm/2026-03-29/MAL-2026-3847

openclaw-cn@0.2.0

by jiulingyun

Openclaw 中文版 - WhatsApp gateway CLI (Baileys web) with Pi RPC agent

steals →AI API keys→ sends tohttps://api.openai.com/v1/audio/transcriptions

archive-then-uploadreads-ai-api-keysreads-env-varsbase64-decodepy-urllib-requestchild-process-spawnpublic-github-pushreads-homedir+1

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s), 1 other host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

30.4 MB

versions

AUTO-PUBLISHED/npm/2026-03-28/MAL-2026-3841

@openclaw-cn/cli@1.3.1

by jiulingyun

The official CLI for OpenClaw-CN Agent ecosystem

→ sends tohttps://backend.clawd.org.cn/api

reads-env-varsreads-homedir

→ No suspicious destination, no remote-exec shape — 1 other host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

74.4 KB

versions

AUTO-PUBLISHED/npm/2023-07-12/MAL-2026-4123

@lint-md/cli@2.0.0

by yzl520

CLI tool to lint your markdown file for Chinese.

public-github-pushreads-homedir

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

68.4 KB

versions

AUTO-PUBLISHED/npm/2019-04-02/MAL-2026-4031

@antv/istanbul@0.0.0

by dxq613

Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests

reads-env-varsreads-homedir

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

size

298.9 KB

versions

AUTO-PUBLISHED/npm/2017-12-15/MAL-2026-3974

@antv/g2-brush@0.0.2

by simaq

Select a one-, two-dimensional or irregular region using the mouse.

→ sends tohttps://zenorocha.github.io/clipboard.js

reads-env-varsclipboard-accessfunction-constructorchild-process-spawnreads-homedir

→ No suspicious destination, no remote-exec shape — 1 known-vendor host(s).

weekly

—

/wk

llm verdict

benign 0.85

h-score

patterns

versions

AUTO-PUBLISHED/npm/2026-05-04

react-dom-helper@1.0.0

by k4nx9zfp82

steals →npm tokenAWS keys

reads-aws-credsreads-npmrcreads-homedirhttp-to-public-ip

→ Credential read (reads-aws-creds, reads-npmrc) paired with http-to-public-ip destination — classic exfiltration signature.

weekly

—

/wk

llm verdict

malicious 0.95

h-score

patterns

size

412 B