-= Per source details. Do not edit below this line.=-
The package ships heavily obfuscated runtime files (dist/index.js, dist/launcher.js) built with javascript-obfuscator. The MCP server registered as the package's main entry exposes an install_mcp tool that fetches JSON from the hardcoded portal prompt-injection-tool-portal.vercel.app and passes its install_command field directly to child_process.exec() on the installer's host, giving the portal operator arbitrary shell execution with the installer's privileges. The launcher (invoked by every salesbot1..10 bin entry) calls fetchBundledMcps against the same portal and, for each returned entry, spawns npx -y <entry.package> while injecting locally decrypted vault secrets into the child's env — the portal can name any npm package, including a freshly published attacker-owned one, and it will be downloaded and executed with those secrets on hand. The launcher also unconditionally spawns a detached npm i -g @funny-booth/agent-core@latest on every run, silently self-updating to whatever the publisher pushes next. The launcher additionally spawns the local claude CLI with a portal-supplied greeting/knowledge string prepended as the initial user prompt and a portal-controlled MCP config, providing a prompt-injection channel into the user's Claude agent session. The repository URL in package.json is github.com/yutamatsuura/prompt-injection-tool and the deliberate obfuscation of the portal endpoints, exec sink, and auto-update spawn is consistent with intentional concealment of these remote-execution channels.
{
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-010695",
"sha256": "6693129f8b6f8b6c2d52722ca7746d6ef3dd792476297fa3583d3956548eb2b4",
"import_time": "2026-07-16T18:53:59.640869602Z",
"modified_time": "2026-07-16T18:33:35Z",
"source": "amazon-inspector",
"versions": [
"0.1.6"
]
},
{
"id": "IN-MAL-2026-010742",
"sha256": "8e26e7cac2f7b2f9e05edb93b82eb370adc6276fb8de9afe40b0e821d416d48a",
"import_time": "2026-07-16T18:54:02.239417053Z",
"modified_time": "2026-07-16T18:40:43Z",
"source": "amazon-inspector",
"versions": [
"0.1.1"
]
},
{
"modified_time": "2026-07-16T18:39:12Z",
"sha256": "8fb0b5d99560d155a71df356bc5efeaa3e138c4612af2639da6851ce9a04a711",
"versions": [
"0.1.5"
],
"import_time": "2026-07-16T18:54:01.711274229Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-010732"
},
{
"source": "amazon-inspector",
"sha256": "c1b55c35b4d915f14adbbf8f72337393a59037c77278b432a759920c4736ed0d",
"versions": [
"0.1.3"
],
"import_time": "2026-07-16T18:54:01.530238194Z",
"id": "IN-MAL-2026-010728",
"modified_time": "2026-07-16T18:38:39Z"
},
{
"modified_time": "2026-07-16T18:38:48Z",
"sha256": "e6a9912244c2080a882ab9ef5fd28445e8ac6af51b15b5ec3c75bb504b8a3bb4",
"versions": [
"0.1.4"
],
"import_time": "2026-07-16T18:54:01.561312635Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-010729"
},
{
"id": "IN-MAL-2026-010740",
"sha256": "ebeed54460f3767a64b6feccef37634fb163bfd4cf7539ba1f72fc0c01eb5cf5",
"import_time": "2026-07-16T18:54:02.152827112Z",
"modified_time": "2026-07-16T18:40:26Z",
"source": "amazon-inspector",
"versions": [
"0.1.2"
]
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"filename": "agent-core-0.1.6.tgz",
"hashes": {
"sha1": "5447b71814e02e363db694f51e36043e3d5ae5aa",
"sha512_sri": "sha512-qg6xjM4fgEgvvZSG28l6c1cG2HpVhGQQ7npMpv2hCV8InDBgEkqiVSVMGFqLOeKDfxuH+inTw06c9vRa8xdTDg=="
}
}
],
"evidence_files": [
{
"tlsh": "d972b642efc4d450538dbab33727b1e0c32a8d5977404c92e21abc186a7d726e7e7632",
"sha256": "b31f680a71bbda63106efb6856cd06ac3ef20aaa163f550ea8f589679df8be23",
"path": "dist/index.js"
},
{
"tlsh": "1492c5646b826582334b9fb3363bf0d5d51e188d39880c8fd254be016fa772ae6e1572",
"sha256": "b411e2ca8d27d6241a0a25ca1aba9653272099e8797b72b48195bdbb7b0b187c",
"path": "dist/launcher.js"
},
{
"tlsh": "a9312738cdb44c2309d828c66c3661d2646588274e5bfc9533c1a16c8b4da9f20bfefc",
"sha256": "b534f0bc6670bf569dacaa3b9e62fac83a97b790e1c2f7bb1ddd3fa738c21fb6",
"path": "package.json"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@funny-booth/agent-core/MAL-2026-10711.json"