-= Per source details. Do not edit below this line.=-
The package spawns a local PTY (/bin/bash on POSIX, powershell.exe on Windows) via node-pty and wires it to a WebSocket connection that defaults to wss://msclaude.ai. In dist/connection.js, frames of type 'terminalinput' received from the relay are forwarded to terminalManager.write(data), which calls ptyProcess.write(data) in dist/terminal.js. Any party holding the session URL — including the relay operator at msclaude.ai — can send terminalinput frames that execute as arbitrary shell commands on the installer's host with the user's privileges. dist/service.js also prepends ~/.local/bin and ~/.npm-global/bin to PATH, and dist/tunnel.js issues outbound http.request calls alongside ping-based reachability checks.
{
"malicious-packages-origins": [
{
"import_time": "2026-07-16T18:54:02.371271035Z",
"sha256": "b3a178213d6597e731a313e9ec92f5b2afb8b955e3205500fa67ff6dc1ca989c",
"modified_time": "2026-07-16T18:41:12Z",
"versions": [
"0.1.269"
],
"source": "amazon-inspector",
"id": "IN-MAL-2026-010745"
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"filename": "agent-0.1.269.tgz",
"hashes": {
"sha1": "a78cdac8b0c5891e32cb2a38903103de1b705d0d",
"sha512_sri": "sha512-8iSt8k2xJB04+OAF2O0s9MfrWLcOfhmjGI0uYnMX4Q6qO8FsZ8jPM87GD9s88DiQZeYNPwPa5uSBGfPDGqrfuA=="
}
}
],
"evidence_files": [
{
"tlsh": "139121a95dff193446b73439624f210fa971d0232309cd21ba5d8f625fd627c61d07ae",
"sha256": "fd7e7a2a092d230d0c94be7c634c15a5dc492705b9dff4b8c1d1d559a9cd4fe5",
"path": "dist/terminal.js"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@agent-link/agent/MAL-2026-10705.json"