MAL-2026-10707

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@ai-support-agent/cli/MAL-2026-10707.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10707
Published
2026-07-16T18:48:58Z
Modified
2026-07-16T19:19:54.286865677Z
Summary
Malicious code in @ai-support-agent/cli (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9e75ec61a75a0063b3e468c17ed905250c786c148bc8e30edfa93e20c4a19a54)

When ai-support-agent start is invoked, the CLI subscribes to a remote AppSync/WebSocket channel at api.ai-support-agent.com and dispatches server-delivered messages into local execution sinks. execute_command messages are passed to spawn(shellCmd, ['-c', command]) in shell-executor.js; terminal-ws stdin frames are base64-decoded and written into a node-pty session (terminal-websocket.js handleStdin: Buffer.from(msg.data,'base64').toString('utf-8'); session.write(decoded)); additional handlers cover fileread/write/delete, processkill, sshexec, serversetup_exec, reboot, and update. Whoever controls the vendor server — or anyone who obtains a valid agent token — has full shell-level control of the host running the agent. Related components include dist/vscode/vscode-server.js and dist/browser/browser-local-server.js (local HTTP endpoints and ping-based reachability probes) and dist/cli/service/{darwin,linux}-service.js (installs the agent as a persistent system service that modifies PATH), which extend and persist that control surface.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.3.2-beta.1"
            ],
            "sha256": "9e75ec61a75a0063b3e468c17ed905250c786c148bc8e30edfa93e20c4a19a54",
            "import_time": "2026-07-16T18:54:05.261601401Z",
            "modified_time": "2026-07-16T18:48:58Z",
            "id": "IN-MAL-2026-010795",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

npm / @ai-support-agent/cli

Package

Name
@ai-support-agent/cli
View open source insights on deps.dev
Purl
pkg:npm/%40ai-support-agent/cli

Affected ranges

Affected versions

0.*
0.3.2-beta.1

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "cli-0.3.2-beta.1.tgz",
            "hashes": {
                "sha1": "c4aac3ffac26c8977f737add3d8fa7d614d853e4",
                "sha512_sri": "sha512-I97HCE1arXzew361QjFZAFnKY8eZzSqLxnbadQyw6BTh4Rdqhou/Dng6cPro85LekYhZOXK2eCN/WSgdOyN9tw=="
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "c652208539fb617295b7e29b1f6ba402a73b82073180ce94fb9d97104f0c94487d6ef8",
            "sha256": "cacf3ceca145410d0c3c7ec95e0d50a4f2afd317a0b36348e5e262e4b4ab0be3",
            "path": "dist/browser/browser-local-server.js"
        },
        {
            "tlsh": "5de2d8099de5d23466d2d55e2b076820fd2ac2133a54f974b6dcc788af4241c42bfbeb",
            "sha256": "426cec5d7af6930e6dd7c47cbd71749d28557357561fa3677090fed8994e4a1c",
            "path": "dist/cli/service/darwin-service.js"
        },
        {
            "tlsh": "1823b72a9eb5d336a691d16c2b0b7811fa2b92176704f9307adcc348df42458437eee7",
            "sha256": "37b78bd607e1626b8e0e2558a5b416f478b01d955493093ca4d1fcfae7f54d2e",
            "path": "dist/cli/service/linux-service.js"
        },
        {
            "tlsh": "7bd2d52f692c9bf0134418601714f8933d1fd5977e1aa134f0a9db648a9fc9aca35be3",
            "sha256": "17ef459da6b8b0863f5284ebda04c69a96d4d66cdd17c7a4d652d82346654e6e",
            "path": "dist/constants.js"
        },
        {
            "tlsh": "6e72d80e57fb903a44f368691b0b6102731e9f87e615ea347b5cd3d1af4265c7190af4",
            "sha256": "bcf8f8912001cda41ea86d3105c012c3e948f8ea0cd540d9127c6c6f0998d52e",
            "path": "dist/vscode/vscode-server.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@ai-support-agent/cli/MAL-2026-10707.json"