ltcai11 versions·1.0.1→3.1.0
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// Crypto wallets
패턴: reads-seed-phrase
Packages whose static analysis matched this pattern. See the per-package detail pages for the offending code excerpt.
34개 패키지+에 이 패턴이 매칭됨 (총 publish 이벤트 100건을 publisher+name 기준으로 묶음). 최신순.
Lattice AI v3 local-first AI workspace platform with knowledge graph, vector index, hybrid search, agents, and workspace modes.
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品
→ 크리덴셜 읽기 (reads-ai-api-keys, reads-seed-phrase) + 외부 전송지 http-to-public-ip, dest-via-hostname-var 조합 — 전형적인 유출 패턴.
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
Unified Ethereum dev toolkit — Ganache-compatible API powered by Foundry (Forge + Cast + Anvil + Chisel) with LevelDB persistence
Switchboard plugin for the PROOF command line interface.
Node.js integration layer for Autodesk Forge
Hierarchical deterministic (HD) wallet and DID document management for OwlMeans identity.
toggle rules in .putout.json
The validator client handles consensus duties for Aztec validators: validating block proposals, attesting to checkpoints, and detecting slashable some offenses. Validators do NOT attest to individual blocks. Attestations are only created for checkpoint pr
Simple bot that connects to a PXE to send txs on a recurring basis.
The Aztec CLI `aztec-cli` is a command-line interface (CLI) tool for interacting with Aztec. It provides various commands for deploying contracts, creating accounts, interacting with contracts, and retrieving blockchain data.
Aztec is a package that allows for a simple development environment on Aztec stack. It creates a Private eXecution Environment (PXE) that listens for HTTP requests on `localhost:8080` by default. When started, it deploys all necessary L1 Aztec contracts a
1) Start a local Ethereum node (Anvil) in one terminal:
This package includes end-to-end tests that cover Aztec's main milestones. These can be run locally either by starting anvil on a different terminal.
This package provides configuration and code for common chain operations such as contract deployment etc.
This application allows someone to obtain a small amount of eth via a http endpoint.
JS SDK powering the August Digital ecosystem.
Transaction submission, lifecycle watching, and dev signers for Polkadot chains
Signer manager for Polkadot — Host API and dev accounts
abracadabra provider
Terminal changelog logger utilities
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Terminal logger utilities
→ 의심 전송지 없음, 원격 실행 형태 없음 — 1 known-vendor host(s).
Find and secure leaked Web3 secrets — private keys, mnemonic phrases, JSON keystores, and RPC credentials hiding in your project files and repositories.
→ 크리덴셜 읽기 (reads-seed-phrase, reads-npmrc, reads-wallet-files) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Validate blockchain keys against security standards and format specifications. Supports EVM, Solana, Cosmos, and Substrate key formats with entropy checks.
→ 크리덴셜 읽기 (reads-npmrc, reads-wallet-files, reads-seed-phrase) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Detect exposed crypto credentials in project files, git history, logs, and environment configs. Helps prevent private key leaks from reaching production.
→ 크리덴셜 읽기 (reads-seed-phrase, reads-npmrc, reads-wallet-files) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Verify wallet safety against known compromise databases. Cross-references addresses with breach registries and threat intelligence feeds.
→ 크리덴셜 읽기 (reads-npmrc, reads-wallet-files, reads-seed-phrase) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Pre-deployment security checks for Solidity contracts. Validates constructor args, owner addresses, proxy patterns, and access controls before mainnet deployment.
→ 크리덴셜 읽기 (reads-npmrc, reads-wallet-files, reads-seed-phrase) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Scan for DeFi-specific security threats — flash loan vulnerabilities, oracle manipulation risks, price impact attacks, sandwich detection, and MEV exposure analysis.
→ 크리덴셜 읽기 (reads-seed-phrase, reads-npmrc, reads-wallet-files) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Verify mnemonic phrases haven't been compromised. Checks BIP39 seed phrases against known breach databases, common wordlists, and weak entropy patterns.
→ 크리덴셜 읽기 (reads-seed-phrase, reads-npmrc, reads-wallet-files) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Audit deployment keys before mainnet launch. Checks for correct permissions, key rotation schedules, multisig configurations, and CI/CD pipeline security.
→ 크리덴셜 읽기 (reads-npmrc, reads-wallet-files, reads-seed-phrase) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Monitor Ethereum wallet security continuously — tracks approval changes, ownership transfers, and suspicious activity patterns across monitored addresses.
→ 크리덴셜 읽기 (reads-npmrc, reads-wallet-files, reads-seed-phrase) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.
Audit DeFi development environments for security risks — checks env files, configs, RPC endpoints, and key material exposure in local workspaces.
→ 크리덴셜 읽기 (reads-npmrc, reads-wallet-files, reads-seed-phrase) + 외부 전송지 webhook-bin 조합 — 전형적인 유출 패턴.