MAL-2026-10707
Malicious code in @ai-support-agent/cli (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (9e75ec61a75a0063b3e468c17ed905250c786c148bc8e30edfa93e20c4a19a54) When `ai-support-agent start` is invoked, the CLI subscribes to a remote AppSync/WebSocket channel at api.ai-support-agent.com and dispatches server-delivered messages into local execution sinks. `execute_command` messages are passed to `spawn(shellCmd, ['-c', command])` in shell-executor.js; `terminal-ws` `stdin` frames are base64-decoded and written into a node-pty session (terminal-websocket.js `handleStdin`: `Buffer.from(msg.data,'base64').toString('utf-8'); session.write(decoded)`); additional handlers cover file_read/write/delete, process_kill, ssh_exec, server_setup_exec, reboot, and update. Whoever controls the vendor server — or anyone who obtains a valid agent token — has full shell-level control of the host running the agent. Related components include dist/vscode/vscode-server.js and dist/browser/browser-local-server.js (local HTTP endpoints and ping-based reachability probes) and dist/cli/service/{darwin,linux}-service.js (installs the agent as a persistent system service that modifies PATH), which extend and persist that control surface.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for @ai-support-agent/cli (npm). Pin to a known-safe version or switch to an alternative.