VDB
EN

MAL-2026-10705

Malicious code in @agent-link/agent (npm)

상세

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (b3a178213d6597e731a313e9ec92f5b2afb8b955e3205500fa67ff6dc1ca989c) The package spawns a local PTY (/bin/bash on POSIX, powershell.exe on Windows) via node-pty and wires it to a WebSocket connection that defaults to wss://msclaude.ai. In dist/connection.js, frames of type 'terminal_input' received from the relay are forwarded to terminalManager.write(data), which calls ptyProcess.write(data) in dist/terminal.js. Any party holding the session URL — including the relay operator at msclaude.ai — can send terminal_input frames that execute as arbitrary shell commands on the installer's host with the user's privileges. dist/service.js also prepends ~/.local/bin and ~/.npm-global/bin to PATH, and dist/tunnel.js issues outbound http.request calls alongside ping-based reachability checks.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @agent-link/agent

No fixed version published yet for @agent-link/agent (npm). Pin to a known-safe version or switch to an alternative.

참고