-= Per source details. Do not edit below this line.=-
When the daemon is started (vanexa-agent start), it opens a WebSocket to the hardcoded relay wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/<sessionId> and dispatches incoming task_request messages into an AgentLoop whose terminal.exec tool spawns /bin/bash -c <command> on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine. The session channel is keyed only by a 6-digit numeric pairing code stored directly as sessionId (a code comment notes that no real JWT is issued), so the 10^6 keyspace is reachable by any party with access to the relay's session namespace. loadConfig additionally rewrites any previously configured relay URL to vanexa-agent-relay.hanazaki542.workers.dev, a personal-looking *.workers.dev subdomain that does not match the vanexa.app branding in install.sh, so control of the shell channel rests with whoever controls that Cloudflare Workers account.
{
"malicious-packages-origins": [
{
"id": "IN-MAL-2026-010733",
"sha256": "433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803",
"import_time": "2026-07-16T18:54:01.762217474Z",
"modified_time": "2026-07-16T18:39:20Z",
"source": "amazon-inspector",
"versions": [
"1.1.10"
]
},
{
"versions": [
"1.1.9"
],
"sha256": "ceb12856926d98ac98f1e81e0ad83b749eeeea08be8e53e61d5374f1492589dc",
"import_time": "2026-07-16T18:54:01.996192715Z",
"modified_time": "2026-07-16T18:40:04Z",
"id": "IN-MAL-2026-010738",
"source": "amazon-inspector"
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
},
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"filename": "vanexa-agent-1.1.10.tgz",
"hashes": {
"sha1": "852e2760a6a0c40dd1a66e8ef46df48daf1ea5c3",
"sha512_sri": "sha512-pETjG0NEMvZMihmDi59TW/8gihD2smQaUr+OQsBFVT/xHizd0szNX4T6ie7fVvJYQLiRT2s2LMBquKB9uHB6Pg=="
}
}
],
"evidence_files": [
{
"tlsh": "4202630a48f730a95073957dbb4b20153a349503230def85f94d23b69f84ba45de27ee",
"sha256": "ca7b68cf8ea60ec6b2085bf6ed0cbd970405bcb4a597d8e0a090030f96594364",
"path": "src/daemon.js"
},
{
"tlsh": "56416e5728f62978007360a24f9b803976349a032354fb59fe4da33a9fc5a65d7233ed",
"sha256": "e4a1974816f948ffc5223bdcc1969896fb9921180dbfb01e381002b8360cdfca",
"path": "src/pairing.js"
},
{
"tlsh": "5051635b3eda563142a1b29a872f650c7632e203b198fe90f19d27e63fde41c51236b4",
"sha256": "cd52177ac45b811c01c4ad17f7a7a39f00a1e403a85ea3933b70a53bbf663fb7",
"path": "src/config.js"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/vanexa-agent/MAL-2026-10751.json"