MAL-2026-4574

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/gm-kilo/MAL-2026-4574.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4574
Published
2026-05-20T09:43:31Z
Modified
2026-05-26T06:02:35.659433071Z
Summary
Malicious code in gm-kilo (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb)

package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spool > /dev/null 2>&1 & via execSync, which downloads and runs whatever the latest published version of gm-plugkit is using the Bun alternate runtime. The version pin is mutable (@latest), the command output is redirected to /dev/null, and the process is detached into the background — these properties are characteristic of covert remote-code execution at install time. Whoever controls publishing of gm-plugkit can deliver arbitrary code to every machine that installs gm-kilo, and the install hook hides that execution from the installer's terminal. Additionally, the install script writes to ~/.kilo/config.yml (a separate tool's configuration file) to register a gm agent with Bash(*plugkit*) shell-execute permission, silently expanding that tool's trust surface to invoke plugkit-related commands without user consent.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-05-20T09:43:31Z",
            "sha256": "b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb",
            "versions": [
                "1.0.0"
            ],
            "import_time": "2026-05-26T05:50:46.280632543Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-003513"
        }
    ]
}
References
Credits

Affected packages

npm / gm-kilo

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

cwes
[
    {
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "gm-kilo-1.0.0.tgz",
            "hashes": {
                "sha1": "db941a94ee8e1c2f09611ee37157a8382f9064e8",
                "sha512_sri": "sha512-ezRt3VirDr2vAnGwA36d712uqWN4/AxyIS8dSaKGKB7x84lptHiDvyT+2WsLys2pv+d3xHpub+yy1xInngw7VA=="
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "cc5111164eff0a7359334a29da8f50633e10ab431244f99836ede31e4f86524a9339fd",
            "sha256": "9996d51ba75c4754088dd0dd695a4c555944a5c6cb80d6de5e10760623213379",
            "path": "bin/gm-kilo.js"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/gm-kilo/MAL-2026-4574.json"