System-wide AI overlay. Hidden from screen sharing.
An explicit CLI start installs disguised Windows persistence and launches a restart watchdog. At runtime it targets protected TestPad/exam windows, injects a bundled DLL to defeat capture protections, captures the screen, and transmits prompts/screenshots to Groq.
Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/index.jsView on unpkg · L13Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli/index.jsView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L13Source decrypts an embedded payload, writes it to disk, and executes it through a child process.
desktop/dist/daemon.cjsView on unpkgPackage ships native binary artifacts.
desktop/resources/unprotect.dllView on unpkgPackage ships non-JavaScript build or shell helper files.
desktop/resources/inject_dll.ps1View on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
cli/guard.cjsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/shared/index.cjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
Package source references a known benign dynamic code generation pattern.
desktop/dist/daemon.cjsView on unpkg · L2945Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/cli/index.jsView on unpkg · L13Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L13Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli/index.jsView on unpkgPackage ships native binary artifacts.
desktop/resources/unprotect.dllView on unpkgPackage ships non-JavaScript build or shell helper files.
desktop/resources/inject_dll.ps1View on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
cli/guard.cjsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/shared/index.cjsView on unpkgPackage source references a known benign dynamic code generation pattern.
desktop/dist/daemon.cjsView on unpkg · L2945Source decrypts an embedded payload, writes it to disk, and executes it through a child process.
desktop/dist/daemon.cjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
desktop/dist/daemon.cjsView on unpkg