MAL-2026-10705

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@agent-link/agent/MAL-2026-10705.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10705
Published
2026-07-16T18:41:12Z
Modified
2026-07-16T19:19:53.786570429Z
Summary
Malicious code in @agent-link/agent (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b3a178213d6597e731a313e9ec92f5b2afb8b955e3205500fa67ff6dc1ca989c)

The package spawns a local PTY (/bin/bash on POSIX, powershell.exe on Windows) via node-pty and wires it to a WebSocket connection that defaults to wss://msclaude.ai. In dist/connection.js, frames of type 'terminalinput' received from the relay are forwarded to terminalManager.write(data), which calls ptyProcess.write(data) in dist/terminal.js. Any party holding the session URL — including the relay operator at msclaude.ai — can send terminalinput frames that execute as arbitrary shell commands on the installer's host with the user's privileges. dist/service.js also prepends ~/.local/bin and ~/.npm-global/bin to PATH, and dist/tunnel.js issues outbound http.request calls alongside ping-based reachability checks.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-07-16T18:54:02.371271035Z",
            "sha256": "b3a178213d6597e731a313e9ec92f5b2afb8b955e3205500fa67ff6dc1ca989c",
            "modified_time": "2026-07-16T18:41:12Z",
            "versions": [
                "0.1.269"
            ],
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010745"
        }
    ]
}
References
Credits

Affected packages

npm / @agent-link/agent

Package

Name
@agent-link/agent
View open source insights on deps.dev
Purl
pkg:npm/%40agent-link/agent

Affected ranges

Affected versions

0.*
0.1.269

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "agent-0.1.269.tgz",
            "hashes": {
                "sha1": "a78cdac8b0c5891e32cb2a38903103de1b705d0d",
                "sha512_sri": "sha512-8iSt8k2xJB04+OAF2O0s9MfrWLcOfhmjGI0uYnMX4Q6qO8FsZ8jPM87GD9s88DiQZeYNPwPa5uSBGfPDGqrfuA=="
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "139121a95dff193446b73439624f210fa971d0232309cd21ba5d8f625fd627c61d07ae",
            "sha256": "fd7e7a2a092d230d0c94be7c634c15a5dc492705b9dff4b8c1d1d559a9cd4fe5",
            "path": "dist/terminal.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@agent-link/agent/MAL-2026-10705.json"