registry  /  @aicommander/agent  /  1.0.34

@aicommander/agent@1.0.34

Remote-machine agent for AI Commander — runs on your server/laptop and lets your AI agent execute shell commands on it via the @aicommander/mcp server. An SSH alternative with no exposed SSH, open ports, or VPN; drive it by AIC-… session code.

OSV Malicious Advisory

scanned 14h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10708 confirms this npm version as malicious. @aicommander/agent installs a remote-machine agent that opens an outbound WebSocket to the hardcoded relay https://aicommander.dev and executes shell commands received over that channel on the installer's host. The message handler dispatches received commands to child_process.spawn with shell:true, streaming stdout/stderr back to the relay...

Advisory
MAL-2026-10708
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @aicommander/agent (npm)
Details
@aicommander/agent installs a remote-machine agent that opens an outbound WebSocket to the hardcoded relay https://aicommander.dev and executes shell commands received over that channel on the installer's host. The message handler dispatches received commands to child_process.spawn with shell:true, streaming stdout/stderr back to the relay. A session code shared with the remote operator authorizes arbitrary command execution as the agent's uid — root when installed as the documented systemd service. This is full-host remote code execution driven by a network-sourced party, regardless of the relay being a first-party vendor server; possession of the session code by any remote party equates to full control of the installer's machine.
Decision reason
OpenSSF Malicious Packages via OSV confirms @aicommander/agent@1.0.34 as malicious (MAL-2026-10708): Malicious code in @aicommander/agent (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory