-= Per source details. Do not edit below this line.=-
codeam-cli spawns a node-pty pseudo-terminal wrapping the local Claude Code / Codex agent process and connects outbound over WebSocket to a hardcoded relay at https://api.codeagent-mobile.com. Messages received from the remote relay are written into the local PTY via pty.write as if typed at the keyboard, meaning any party controlling the paired mobile/web session on that relay can inject arbitrary keystrokes into the local agent shell. Because the wrapped agent has local tool access (shell commands, file read/write), this dataflow is functionally full-host remote code execution against the installer's machine, mediated by the vendor's relay. The README additionally documents a user-invoked self-hosted enrollment path that pipes https://api.codeagent-mobile.com/api/self-hosted/enroll.sh into sh with an enrollment token, standing up the same relay-driven agent (and a systemd service) on additional hosts; this fetch is from the package's own publisher domain and user-invoked, so it is not an install-time dropper on its own, but it extends the same remote-control plane. The bundle also mutates PATH in several locations in dist/index.js.
{
"malicious-packages-origins": [
{
"modified_time": "2026-07-16T18:45:06Z",
"sha256": "2e8b39baa6129e1e1988002fcbeb2f62464f84fc7458f82f3754d1033a9b4ca6",
"versions": [
"2.61.1"
],
"import_time": "2026-07-16T18:54:03.812799389Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-010770"
},
{
"modified_time": "2026-07-16T18:46:13Z",
"sha256": "8d97838056bf897e32c05612de2175094d31b6795910661e999d47fa08b46554",
"versions": [
"2.61.3"
],
"import_time": "2026-07-16T18:54:04.201639174Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-010777"
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"filename": "codeam-cli-2.61.1.tgz",
"hashes": {
"sha1": "09e23b4806093b6eee14c9ecfaf6b99542d54ca5",
"sha512_sri": "sha512-iZ1GVc/jV2caLYWg8pEg0lX3mwOqKk2JI5ETwvQEfiEyMCikmBGvxF6+dpzk5fcvMGCvS7/dDjjta0uMWTpIqg=="
}
}
],
"evidence_files": [
{
"tlsh": "ee55f85a76f7153506a3a0785a5b4012b73990073609ec68faec83e42f8d578c6f3bf9",
"sha256": "6df7cdc38c751f28462f46edbed694559fa089b1c20972568ad472e7d2b606f6",
"path": "dist/index.js"
},
{
"tlsh": "e2320a9bad5507770ba606e1b98775d4df3e94ae22921c88fc7d436cc190b9c827b0ec",
"sha256": "e6385f6651b7228b001be004c3585bc6b6c611ff585dfee53def1e06f2548683",
"path": "README.md"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/codeam-cli/MAL-2026-10730.json"