VDB
KO

MAL-2026-10708

Malicious code in @aicommander/agent (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (9a0d4917f10db91a59e47821bfa2399801219a85da0a59b8596d85fd3931fc93) @aicommander/agent installs a remote-machine agent that opens an outbound WebSocket to the hardcoded relay https://aicommander.dev and executes shell commands received over that channel on the installer's host. The message handler dispatches received commands to child_process.spawn with shell:true, streaming stdout/stderr back to the relay. A session code shared with the remote operator authorizes arbitrary command execution as the agent's uid — root when installed as the documented systemd service. This is full-host remote code execution driven by a network-sourced party, regardless of the relay being a first-party vendor server; possession of the session code by any remote party equates to full control of the installer's machine.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @aicommander/agent

No fixed version published yet for @aicommander/agent (npm). Pin to a known-safe version or switch to an alternative.

References