MAL-2026-6555

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (5abf921f58c69745fee91e812853b493a282f3d42f55db38516ba54b827ea35b) The unscoped npm package `livekit-agents` advertises itself in README as the official LiveKit Agents SDK and links to livekit.io documentation, but the shipped library at `dist/index.js` implements only a trivial stub `greet(name)` returning a hello string — none of the real SDK surface. The bundled CLI at `dist/cli.js` (the package `bin`) calls `sendCliMetric()` at the top of every invocation, unconditionally POSTing `{type:'cli_run', nodeVersion, platform, arch, timestamp}` to `https://livekit-agents.xyz/api/metrics`. The destination `livekit-agents.xyz` is a lookalike domain — LiveKit's real domain is livekit.io — and the beacon is undocumented with no opt-out. `package.json` also declares `"postinstall": "node scripts/postinstall.js"` while `files` ships only `dist`, so the referenced install hook is absent from this tarball (a no-op today, but pre-wired for a future version). Combined signals — name impersonation of the real scoped package, stub implementation, covert install-base telemetry to an author-controlled lookalike domain, and a pre-wired but currently empty postinstall slot — match the namespace-abuse / typosquat pattern used to enumerate victims before delivering a later payload.