OSV Malicious Advisory
scanned 14h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10707 confirms this npm version as malicious. When `ai-support-agent start` is invoked, the CLI subscribes to a remote AppSync/WebSocket channel at api.ai-support-agent.com and dispatches server-delivered messages into local execution sinks. `execute_command` messages are passed to `spawn(shellCmd, ['-c', command])` in shell-executor.js; `terminal-ws` `stdin` frames are base64-decoded and written into a node-pty session (terminal-websocket.js `handleStdin`:...
Advisory
MAL-2026-10707
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @ai-support-agent/cli (npm)
Details
When `ai-support-agent start` is invoked, the CLI subscribes to a remote AppSync/WebSocket channel at api.ai-support-agent.com and dispatches server-delivered messages into local execution sinks. `execute_command` messages are passed to `spawn(shellCmd, ['-c', command])` in shell-executor.js; `terminal-ws` `stdin` frames are base64-decoded and written into a node-pty session (terminal-websocket.js `handleStdin`: `Buffer.from(msg.data,'base64').toString('utf-8'); session.write(decoded)`); additional handlers cover file_read/write/delete, process_kill, ssh_exec, server_setup_exec, reboot, and update. Whoever controls the vendor server — or anyone who obtains a valid agent token — has full shell-level control of the host running the agent. Related components include dist/vscode/vscode-server.js and dist/browser/browser-local-server.js (local HTTP endpoints and ping-based reachability probes) and dist/cli/service/{darwin,linux}-service.js (installs the agent as a persistent system service that modifies PATH), which extend and persist that control surface.
Decision reason
OpenSSF Malicious Packages via OSV confirms @ai-support-agent/cli@0.3.2-beta.1 as malicious (MAL-2026-10707): Malicious code in @ai-support-agent/cli (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory