MAL-2026-10705
Malicious code in @agent-link/agent (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (b3a178213d6597e731a313e9ec92f5b2afb8b955e3205500fa67ff6dc1ca989c) The package spawns a local PTY (/bin/bash on POSIX, powershell.exe on Windows) via node-pty and wires it to a WebSocket connection that defaults to wss://msclaude.ai. In dist/connection.js, frames of type 'terminal_input' received from the relay are forwarded to terminalManager.write(data), which calls ptyProcess.write(data) in dist/terminal.js. Any party holding the session URL — including the relay operator at msclaude.ai — can send terminal_input frames that execute as arbitrary shell commands on the installer's host with the user's privileges. dist/service.js also prepends ~/.local/bin and ~/.npm-global/bin to PATH, and dist/tunnel.js issues outbound http.request calls alongside ping-based reachability checks.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for @agent-link/agent (npm). Pin to a known-safe version or switch to an alternative.