OSV Malicious Advisory
scanned 14h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10708 confirms this npm version as malicious. @aicommander/agent installs a remote-machine agent that opens an outbound WebSocket to the hardcoded relay https://aicommander.dev and executes shell commands received over that channel on the installer's host. The message handler dispatches received commands to child_process.spawn with shell:true, streaming stdout/stderr back to the relay...
Advisory
MAL-2026-10708
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @aicommander/agent (npm)
Details
@aicommander/agent installs a remote-machine agent that opens an outbound WebSocket to the hardcoded relay https://aicommander.dev and executes shell commands received over that channel on the installer's host. The message handler dispatches received commands to child_process.spawn with shell:true, streaming stdout/stderr back to the relay. A session code shared with the remote operator authorizes arbitrary command execution as the agent's uid — root when installed as the documented systemd service. This is full-host remote code execution driven by a network-sourced party, regardless of the relay being a first-party vendor server; possession of the session code by any remote party equates to full control of the installer's machine.
Decision reason
OpenSSF Malicious Packages via OSV confirms @aicommander/agent@1.0.34 as malicious (MAL-2026-10708): Malicious code in @aicommander/agent (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory