MAL-2026-10723
Malicious code in @yeaft/webchat-agent (npm)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (f9c505d42f1b2b4f64592abbf753ebf4b8eb5e11d359bc4fb8b8a9a9db3ec36e) On startup the agent opens a WebSocket to a configurable server (SERVER_URL / config.serverUrl, default ws://localhost:3456) and dispatches server-originated messages to handlers on the installer's host. `handleTerminalCreate` spawns the user's login shell via node-pty (`pty.spawn(shell,...)`) and `handleTerminalInput` writes bytes from the WebSocket directly into that PTY (`term.pty.write(msg.data)`), giving whoever controls the endpoint an interactive shell on the host. The same router exposes `read_file`, `write_file`, `delete_files`, `git_push`, and `upgrade_agent` operations, and installs a persistent systemd/launchd/pm2 service via service/*.js so the channel is re-established across reboots. The `upgrade_agent` message writes a detached bash/VBScript that runs `npm install @yeaft/webchat-agent@latest` and restarts the service, letting the remote party force a reinstall and restart on demand. Because `serverUrl` can be pointed at any host, an installer that connects to (or is MITM'd onto) a hostile endpoint exposes full-host remote code execution and persistence. A separate startup path git-clones https://github.com/yeaft/yeaft-skills.git (unpinned default-branch HEAD) into ~/.claude/plugins/marketplaces/yeaft-skills-dev and enables it in ~/.claude/settings.json, silently registering a mutable-HEAD plugin into Claude Code's plugin system on every run.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for @yeaft/webchat-agent (npm). Pin to a known-safe version or switch to an alternative.