-= Per source details. Do not edit below this line.=-
package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spool > /dev/null 2>&1 & via execSync, which downloads and runs whatever the latest published version of gm-plugkit is using the Bun alternate runtime. The version pin is mutable (@latest), the command output is redirected to /dev/null, and the process is detached into the background — these properties are characteristic of covert remote-code execution at install time. Whoever controls publishing of gm-plugkit can deliver arbitrary code to every machine that installs gm-kilo, and the install hook hides that execution from the installer's terminal. Additionally, the install script writes to ~/.kilo/config.yml (a separate tool's configuration file) to register a gm agent with Bash(*plugkit*) shell-execute permission, silently expanding that tool's trust surface to invoke plugkit-related commands without user consent.
{
"malicious-packages-origins": [
{
"modified_time": "2026-05-20T09:43:31Z",
"sha256": "b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb",
"versions": [
"1.0.0"
],
"import_time": "2026-05-26T05:50:46.280632543Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-003513"
}
]
}[
{
"cweId": "CWE-506",
"name": "Embedded Malicious Code",
"description": "The product contains code that appears to be malicious in nature."
}
]
{
"package_integrity": [
{
"filename": "gm-kilo-1.0.0.tgz",
"hashes": {
"sha1": "db941a94ee8e1c2f09611ee37157a8382f9064e8",
"sha512_sri": "sha512-ezRt3VirDr2vAnGwA36d712uqWN4/AxyIS8dSaKGKB7x84lptHiDvyT+2WsLys2pv+d3xHpub+yy1xInngw7VA=="
}
}
],
"evidence_files": [
{
"tlsh": "cc5111164eff0a7359334a29da8f50633e10ab431244f99836ede31e4f86524a9339fd",
"sha256": "9996d51ba75c4754088dd0dd695a4c555944a5c6cb80d6de5e10760623213379",
"path": "bin/gm-kilo.js"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/gm-kilo/MAL-2026-4574.json"