disposable-email-domains · 2 versions · 0.0.196 → 0.0.197
A set of disposable email domains
// Suspicious network destinations
pattern: webhook-bin
Packages that send stolen credentials to public webhook bin services (webhook.site, requestcatcher.com, requestbin, ngrok, beeceptor, pipedream). The single most common credential-stealer destination shape — zero attacker infrastructure required.
27+ packages flagged with this pattern (100 total publish events, collapsed by publisher+name). Newest first.
A set of disposable email domains
SPCSN Taro runtime API entry
AI security skills grounded in mid-2026 threat reality, not stale framework documentation. 51 skills, 11 catalogs (439 CVEs / 177 CWEs / 805 ATT&CK + ICS / 170 ATLAS / 468 D3FEND / 8888 RFCs), 35 jurisdictions, 10-class catalog gap detector + budget gate,
→ Worm self-propagation: package reads .npmrc _authToken AND invokes npm publish in install-path code. Shai-Hulud-class shape — no legitimate package re-publishes OTHER packages from the user's machine.
AI-aware security scanner for VS Code — code vulnerabilities, LLM risks, secrets, dependencies, MCP & agent security
→ Credential read (reads-github-tokens, reads-aws-creds, reads-ai-api-keys, reads-azure-creds) paired with webhook-bin destination — classic exfiltration signature.
logging step
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
A comprehensive list of all free email domain providers
A Python package for Azure Genome.
The forge that forges itself — self-writing meta-extension for OpenClaw
→ Credential read (reads-ai-api-keys) paired with webhook-bin destination — classic exfiltration signature.
Tricentis Sealights Python Agent - Quality Intelligence and Code Coverage
Advanced email sender
Worker-based trigger for Blok workflows - supports background job processing with concurrency, retries, and scheduling
→ Credential read (reads-aws-creds) paired with webhook-bin destination — classic exfiltration signature.
Pub/Sub trigger for Blok workflows — supports NATS (Core + JetStream), Redis Streams, Kafka, GCP Pub/Sub, AWS SNS+SQS, and Azure Service Bus.
→ Credential read (reads-aws-creds, reads-gcp-creds) paired with webhook-bin destination — classic exfiltration signature.
SECURITY RESEARCH - Dependency Confusion PoC - Red Bull Bug Bounty
→ Credential read (reads-aws-creds) paired with webhook-bin destination — classic exfiltration signature.
Cloud Security Championship CI test utilities
→ No suspicious destination, no remote-exec shape — no network destinations.
Simple messaging utility with telemetry
→ Sends to suspicious destination(s): webhook.site.
Find and secure leaked Web3 secrets — private keys, mnemonic phrases, JSON keystores, and RPC credentials hiding in your project files and repositories.
→ Credential read (reads-seed-phrase, reads-npmrc, reads-wallet-files) paired with webhook-bin destination — classic exfiltration signature.
Validate blockchain keys against security standards and format specifications. Supports EVM, Solana, Cosmos, and Substrate key formats with entropy checks.
→ Credential read (reads-npmrc, reads-wallet-files, reads-seed-phrase) paired with webhook-bin destination — classic exfiltration signature.
Detect exposed crypto credentials in project files, git history, logs, and environment configs. Helps prevent private key leaks from reaching production.
→ Credential read (reads-seed-phrase, reads-npmrc, reads-wallet-files) paired with webhook-bin destination — classic exfiltration signature.
Verify wallet safety against known compromise databases. Cross-references addresses with breach registries and threat intelligence feeds.
→ Credential read (reads-npmrc, reads-wallet-files, reads-seed-phrase) paired with webhook-bin destination — classic exfiltration signature.
Pre-deployment security checks for Solidity contracts. Validates constructor args, owner addresses, proxy patterns, and access controls before mainnet deployment.
→ Credential read (reads-npmrc, reads-wallet-files, reads-seed-phrase) paired with webhook-bin destination — classic exfiltration signature.
Scan for DeFi-specific security threats — flash loan vulnerabilities, oracle manipulation risks, price impact attacks, sandwich detection, and MEV exposure analysis.
→ Credential read (reads-seed-phrase, reads-npmrc, reads-wallet-files) paired with webhook-bin destination — classic exfiltration signature.
Verify mnemonic phrases haven't been compromised. Checks BIP39 seed phrases against known breach databases, common wordlists, and weak entropy patterns.
→ Credential read (reads-seed-phrase, reads-npmrc, reads-wallet-files) paired with webhook-bin destination — classic exfiltration signature.
Audit deployment keys before mainnet launch. Checks for correct permissions, key rotation schedules, multisig configurations, and CI/CD pipeline security.
→ Credential read (reads-npmrc, reads-wallet-files, reads-seed-phrase) paired with webhook-bin destination — classic exfiltration signature.
Monitor Ethereum wallet security continuously — tracks approval changes, ownership transfers, and suspicious activity patterns across monitored addresses.
→ Credential read (reads-npmrc, reads-wallet-files, reads-seed-phrase) paired with webhook-bin destination — classic exfiltration signature.
Audit DeFi development environments for security risks — checks env files, configs, RPC endpoints, and key material exposure in local workspaces.
→ Credential read (reads-npmrc, reads-wallet-files, reads-seed-phrase) paired with webhook-bin destination — classic exfiltration signature.
Manager
→ Credential read (reads-ssh-keys) paired with webhook-bin destination — classic exfiltration signature.