VDB
KO

MAL-2026-10718

Malicious code in @sciagent/cli (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (310123a94891174b8cfa55def38b6e916b89d43306a52793739f26289fe51e4d) scripts/postinstall.js fetches a ~10MB+ 'sciagent' executable over HTTPS from https://u250924-adc6-f977430f.westb.seetacloud.com:8443 (a rented seetacloud.com subdomain that does not match the package's declared publisher), writes it to ~/.sciagent/bin/sciagent, chmods it 0755, and the CLI shim subsequently spawns it. No hash, signature, or publisher check is performed on the fetched bytes; the URL is also overridable via a RELEASE_SERVER_URL environment variable. A fallback branch runs an unpinned `npm install -g @tencent-ai/codebuddy-code` at postinstall time and writes a wrapper that requires the resolved codebuddy-headless.js, so whatever version of that unrelated third-party package is current at install time is auto-installed globally and loaded by the sciagent CLI. Publisher metadata (gitee garva/research-agent, 'SciAgent Team') does not match either the seetacloud host or the poisondrinker/research-agent GitHub fallback referenced in the same script. Installing the package causes the installer's machine to execute opaque bytes retrieved from a non-publisher host at install time.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @sciagent/cli

No fixed version published yet for @sciagent/cli (npm). Pin to a known-safe version or switch to an alternative.

References