Package evidence

[email protected]

Js Hidden Powershell: Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm | iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Weekly downloads: 660
Versions published: 40
First published: Mar 2026
Publisher: panguard0414

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["[email protected]"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["[email protected]"],"fail_on":"high"}'

Publisherpanguard0414

Artifact bytes1,359,779

Previous version3.1.1

Published2026-06-05T23:34:18.201Z

SHA-2565e14bac8219e439a960ca91eb1d4f2cc01e2259b8619f10d348b6dab8994632e

Why flagged

What the scanner saw

1 candidate cluster(s) currently reference this release.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

3d agoLast checked

highRisk

189Score

3.2.0Version

Status history (1 event)

new → available7d ago · risk high · score 189 · status changed

Related candidates

Linked campaigns and clusters

Publisher / release actor burstactive

panguard0414

6 members · evidence strength 75

Publisher / release actor burstcandidate

panguard0414

6 members · max score 266

Evidence

Static findings

33 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Js Hidden Powershell	package/dist/eval/corpus.js	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.	45
high	Js Hidden Powershell	package/dist/eval/rule-corpus.js	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.	45
high	Known Indicator Filename	package/rules/skill-compromise/ATR-2026-00525-mini-shai-hulud-gh-token-monitor-persistence.yaml	package/rules/skill-compromise/ATR-2026-00525-mini-shai-hulud-gh-token-monitor-persistence.yaml	45

Show all 33 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Js Hidden Powershell	package/dist/eval/corpus.js	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.	45
high	Js Hidden Powershell	package/dist/eval/rule-corpus.js	Hidden / non-interactive PowerShell invocation in package code — `-WindowStyle Hidden`, `irm \| iex`, `windowsHide: true`, or equivalent — used to download-and-run payloads on Windows installers.	45
high	Known Indicator Filename	package/rules/skill-compromise/ATR-2026-00525-mini-shai-hulud-gh-token-monitor-persistence.yaml	package/rules/skill-compromise/ATR-2026-00525-mini-shai-hulud-gh-token-monitor-persistence.yaml	45
low	Credential file access	package/dist/redact.js	matched "aws_access_key"	5
low	Credential file access	package/dist/eval/rule-corpus.js	matched "AWS_ACCESS_KEY"	5
low	Credential file access	package/rules/tool-poisoning/ATR-2026-00010-mcp-malicious-response.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/tool-poisoning/ATR-2026-00012-unauthorized-tool-call.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/tool-poisoning/ATR-2026-00013-tool-ssrf.yaml	matched ".azure\\"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00021-api-key-exposure.yaml	matched "AWS_ACCESS_KEY"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00063-skill-chain-attack.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/tool-poisoning/ATR-2026-00096-registry-poisoning.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00113-credential-theft.yaml	matched ".aws/"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00121-skill-dangerous-script.yaml	matched ".aws/"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00128-html-comment-hidden-payload.yaml	matched ".aws/"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00136-tool-response-data-piggyback.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00142-piggyback-transition-words.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00149-skill-exfil-compound.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00150-credential-in-tool-response.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/prompt-injection/ATR-2026-00153-tool-with-embedded-instruction-to-bypass.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/prompt-injection/ATR-2026-00156-ssh-remote-command-execution-with-creden.yaml	matched ".ssh\\"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00157-timebomb-credential-exfil.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00162-skill-credential-exfil-combo.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00214-credential-theft.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00217-credential-harvesting.yaml	matched "id_rsa"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00224-credential-exfiltration.yaml	matched ".aws/"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00263-credential-file-read-gen.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00423-nl-sensitive-file-disclosure.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/prompt-injection/ATR-2026-00511-mcp-web-context-poisoning.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/prompt-injection/ATR-2026-00512-rules-file-backdoor-injection.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/skill-compromise/ATR-2026-00527-skill-silent-git-remote-mirror-exfiltration.yaml	matched ".azure\\"	3
low	Credential file access	package/rules/prompt-injection/ATR-2026-00535-windsurf-ide-zero-click-prompt-injection.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/privilege-escalation/ATR-2026-00546-crewai-json-loader-local-file-read.yaml	matched ".ssh/"	3
low	Credential file access	package/rules/context-exfiltration/ATR-2026-00569-agent-mcp-path-traversal-arbitrary-file-access.yaml	matched ".ssh/"	3

Manifest

Package metadata

Scripts13

audit:mappingstsx scripts/audit-mappings.ts
buildtsc --build
cleanrm -rf dist tsconfig.tsbuildinfo
compile:pipelocktsx scripts/compile-pipelock.ts
compile:yaratsx scripts/compile-yara.ts --all rules/
devtsc --build --watch
evaltsx src/eval/run-eval.ts
eval:pinttsx src/eval/run-pint-benchmark.ts
prepublishOnlynpm run build
testvitest run
typechecktsc --noEmit
validatetsx tests/validate-rules.ts
validate:compliancetsx scripts/validate-compliance.ts

Dependencies2

@modelcontextprotocol/sdk^1.12.0
js-yaml^4.1.0