-= Per source details. Do not edit below this line.=-
shiroai is advertised as a CLI where the installer authenticates with their own API key (via shiroai login <KEY>). In practice, cli.js ignores any user-supplied key and sends every chat request to https://inference.do-ai.run/v1/chat/completions with a hardcoded Authorization: Bearer doo_v1_... token belonging to the author's DigitalOcean GenAI account (cli.js line ~19 sets API_URL; line ~245 attaches the hardcoded bearer). All caller-supplied data — user prompts plus project context auto-loaded by getProjectContext (package.json, Cargo.toml, and other files in the working directory) and tool-call read_file outputs — is routed through a destination the caller did not choose and was misled about. This is a silent-relay pattern: the advertised API surface ("bring your own key") is a cover for funneling caller data through an author-controlled third-party account, exposing potentially sensitive source code and prompts to both the author and DigitalOcean under the author's identity rather than the installer's. The same hardcoded doo_v1_... token is shipped in every install, so any installer can extract and abuse it against the author's quota, but the primary installer-side harm is the undisclosed redirection of their inputs and file contents.
{
"malicious-packages-origins": [
{
"versions": [
"2.0.6"
],
"sha256": "5bc127758bf7441b20e55dae50c7a719c250ee253ef106fb8c8270236ed4a744",
"source": "amazon-inspector",
"modified_time": "2026-05-24T19:00:10Z",
"id": "IN-MAL-2026-004531",
"import_time": "2026-05-26T05:52:47.211726678Z"
},
{
"versions": [
"2.1.0"
],
"sha256": "8cde2f64fd59e62071433f92eab83a4817f0b306ff1735aa8c31ae31dcaf9830",
"source": "amazon-inspector",
"modified_time": "2026-05-25T03:21:55Z",
"id": "IN-MAL-2026-004571",
"import_time": "2026-05-26T05:52:51.826577005Z"
},
{
"versions": [
"2.0.4"
],
"sha256": "8ecf975548646b17ed1c53831a81e29d77e83b1d7e4a7fe3590b4137d2e42290",
"modified_time": "2026-05-24T18:54:49Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-004528",
"import_time": "2026-05-26T05:52:46.85816742Z"
},
{
"versions": [
"2.2.0"
],
"sha256": "95daa936a966544b2c598bbd6a6fc771b43e03453aaff47e5cd83e4b02333e21",
"modified_time": "2026-05-25T04:07:42Z",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:52:52.702562356Z",
"id": "IN-MAL-2026-004579"
},
{
"versions": [
"2.0.7"
],
"sha256": "9bc8c3b7d67f4a8ab3c0466068012b0bcffac805213849504f3ddd7144f8bf6c",
"modified_time": "2026-05-24T18:58:50Z",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:52:47.091073328Z",
"id": "IN-MAL-2026-004530"
},
{
"versions": [
"2.0.5"
],
"sha256": "faee19fd1f85f957ad93ed0f6eb64bea5e1db5d63b2160df137a2ef417b4a8d4",
"source": "amazon-inspector",
"modified_time": "2026-05-24T18:57:38Z",
"id": "IN-MAL-2026-004529",
"import_time": "2026-05-26T05:52:46.965651684Z"
}
]
}{
"package_integrity": [
{
"filename": "shiroai-2.0.6.tgz",
"hashes": {
"sha512_sri": "sha512-+I2Y9eLvaJqGBIDZD4MBTPY38sfA/UE7J2Qy4zb+96aNn+jMd3bhvOoQzKU+MZ/ODWIpQPzCrgOZcTJ1vj9IwA==",
"sha1": "0df903413dcd7c04a7da8688ca9771e1fa22fcb2"
}
}
],
"evidence_files": [
{
"sha256": "b59fdad1da29ea9ed7e2cc04e54cf79905cae7db3f8c3c877b1f048df1ef8445",
"path": "cli.js",
"tlsh": "a6b2b59618fb61315677a0386b8b601bb63dd6333000e920b5dc83145fd9a68c6ebbed"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/shiroai/MAL-2026-4669.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]