MAL-2026-10722
Malicious code in @whalent/agent-core (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (dfd40ffe52986a560961c8d4d9d7a3ec526813f9a2f335cef9c6884ca9f6d2cf) The package's bundled runtime (dist/index.cjs) opens a WebSocket to a hardcoded gateway at wss://memory.whalent.com/gw/sdk/ws and integrates with node-pty and child_process spawn to run terminal sessions (SHELL / ComSpec, WHALENT_TERMINAL_BACKEND). Bytes arriving from that gateway drive a PTY on the installer's host, giving the gateway operator arbitrary command execution on any machine that runs this package. The README explicitly states the package is 'replaced by remote daemon upgrades,' meaning code arriving from the same author-controlled endpoint can swap the installed runtime with no visible version/signature pinning — a remote code-update channel over the same gateway. The runtime additionally references AI-provider session paths (claude.ai/settings/usage with session_id, chatgpt.com, api.openai.com/auth, ~/.claude and ~/.codex including settings.local, and ANTHROPIC_API_KEY) alongside POST/GET calls to https://memory.whalent.com/pt, indicating flow of AI-provider session identifiers and API keys from local config to the same hardcoded host. The entire 4.8 MB bundle is wrapped in obfuscator.io-style string-array indirection (rotated array a0_0x375d of length 14337, ~60485 decoder wrappers, ~53169 inlined decoded strings), reconstructing network destinations and command strings at runtime and hiding these behaviors from casual review.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for @whalent/agent-core (npm). Pin to a known-safe version or switch to an alternative.