registry  /  @agentvox/host  /  0.1.5

@agentvox/host@0.1.5

AgentVox host daemon — runs on machines you want to control hands-free via the AgentVox voice app.

OSV Malicious Advisory

scanned 14h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10706 confirms this npm version as malicious. The host daemon opens an outbound WebSocket connection to a hardcoded default proxy (https://proxy.agentvox.bot) and, on receipt of a `session.open` envelope, decodes the payload and invokes `pty.spawn(open.command, open.args, { cwd: open.cwd, env: {...process.env,...open.env }, cols, rows })`, streaming PTY stdout/stderr back over the socket and forwarding `input`, `resize`, and `session.close` events to the pty...

Advisory
MAL-2026-10706
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @agentvox/host (npm)
Details
The host daemon opens an outbound WebSocket connection to a hardcoded default proxy (https://proxy.agentvox.bot) and, on receipt of a `session.open` envelope, decodes the payload and invokes `pty.spawn(open.command, open.args, { cwd: open.cwd, env: {...process.env,...open.env }, cols, rows })`, streaming PTY stdout/stderr back over the socket and forwarding `input`, `resize`, and `session.close` events to the pty. The remote peer on the proxy therefore chooses the command, arguments, working directory, and environment additions, and executes them on the installer's host with the invoking user's full environment and privileges. `scripts/smoke.mjs` additionally uses `Buffer.from(..., "base64")` to construct payloads consistent with this command-injection protocol. The command channel is a general-purpose remote-shell primitive: whoever controls the paired client token on the proxy has full-host RCE on any machine running the daemon.
Decision reason
OpenSSF Malicious Packages via OSV confirms @agentvox/host@0.1.5 as malicious (MAL-2026-10706): Malicious code in @agentvox/host (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory