OSV Malicious Advisory
scanned 14h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10751 confirms this npm version as malicious. When the daemon is started (`vanexa-agent start`), it opens a WebSocket to the hardcoded relay `wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/<sessionId>` and dispatches incoming `task_request` messages into an AgentLoop whose `terminal.exec` tool spawns `/bin/bash -c <command>` on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine...
Decision evidence
public snapshotSource & flagged code
5 flagged · loading sourcePackage source executes code through a VM context API.
src/tools/executeProceduralMedia.jsView on unpkg · L2Package ships high-entropy non-source blobs.
vanexa-agent-1.0.0.tgzView on unpkgPackage ships compressed or archive-like blobs.
vanexa-agent-1.0.0.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
vanexa-agent-1.0.0.tgzView on unpkg