{"id":"MAL-2026-4628","summary":"Malicious code in open-agents-ai (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7)\npackage.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that loads child_process, fs, http, and os, calls execSync and http.request, reads os.userInfo() (lines 150, 385), checks for files via fs.existsSync, and executes ping commands at multiple call sites (lines 174, 288, 455, 681, 727). The combination of a postinstall-triggered Node daemon that harvests user/host identity (os.userInfo), probes the network (ping, http.request GET), and lifecycle scripts that additionally shell out to curl is the structural shape of an installer-side host-fingerprinting and exfiltration component, not a documented build step or vendor SDK fetch. There is no shipped native source tree, no publisher-pinned binary download, and no advertised purpose that would justify a postinstall daemon performing system-info collection and outbound HTTP from the installer's machine.\n","modified":"2026-05-27T00:32:04.222086296Z","published":"2026-05-19T17:37:07Z","withdrawn":"2026-05-26T18:48:47Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-05-19T17:46:51Z","id":"IN-MAL-2026-003215","versions":["0.187.591"],"source":"amazon-inspector","sha256":"32b7a0aed7bb5a7a842a129cbc43110a1f90f8eab8747ad7101e96fd4b3257de","import_time":"2026-05-26T05:50:13.700095319Z"},{"modified_time":"2026-05-19T17:53:08Z","id":"IN-MAL-2026-003219","versions":["0.187.593"],"source":"amazon-inspector","sha256":"8c0663d146131d47787d9023851f52d950bcf5269dfb8e27da4e4b183cd42a7e","import_time":"2026-05-26T05:50:14.108311002Z"},{"id":"IN-MAL-2026-003214","versions":["0.187.596"],"modified_time":"2026-05-19T17:45:54Z","source":"amazon-inspector","sha256":"9f4ce7d3d6f1d34540ff74431ce76bd58fbf56ddb98670e61bd2989d453080f1","import_time":"2026-05-26T05:50:13.560632541Z"},{"modified_time":"2026-05-19T18:03:24Z","id":"IN-MAL-2026-003221","versions":["0.187.594"],"source":"amazon-inspector","sha256":"c17f09531ea061a090955d6d992f6fe77b68203764b882ddfd03c2b2f78b7bbb","import_time":"2026-05-26T05:50:14.331829308Z"},{"modified_time":"2026-05-19T17:49:02Z","id":"IN-MAL-2026-003216","versions":["0.187.590"],"source":"amazon-inspector","sha256":"c7bc672acb5ffb45b94bc4b32ae325a94210430e9fab1504b8d258586528b367","import_time":"2026-05-26T05:50:13.801395448Z"},{"modified_time":"2026-05-19T18:04:46Z","id":"IN-MAL-2026-003222","versions":["0.187.588"],"source":"amazon-inspector","sha256":"d621442ec3b2259930c5a1f1a57f983aaa6a61212fb4cd5ebed532032fc90e28","import_time":"2026-05-26T05:50:14.440102628Z"},{"modified_time":"2026-05-19T17:38:02Z","id":"IN-MAL-2026-003212","versions":["0.187.595"],"source":"amazon-inspector","sha256":"63fb2da8f0dd939c7ac24c5877da88c47bdfdb30495ef08d3b43abc27426de15","import_time":"2026-05-26T05:50:13.362524797Z"},{"id":"IN-MAL-2026-003220","versions":["0.187.592"],"modified_time":"2026-05-19T17:53:14Z","source":"amazon-inspector","sha256":"a32cbcf59ff1112ab295b929e9dc24f29c7e129650e1ea32e6cf9af239435c9c","import_time":"2026-05-26T05:50:14.22006522Z"},{"versions":["0.187.587"],"modified_time":"2026-05-19T17:37:07Z","id":"IN-MAL-2026-003211","source":"amazon-inspector","sha256":"ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7","import_time":"2026-05-26T05:50:13.250346782Z"},{"modified_time":"2026-05-19T17:44:08Z","id":"IN-MAL-2026-003213","versions":["0.187.589"],"source":"amazon-inspector","sha256":"fc20158f0f7883c5b18b352d10c6bfb1cede6a7b9bf93918c74e58f85547c8f6","import_time":"2026-05-26T05:50:13.469650984Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.591"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.593"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.596"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.594"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.590"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.588"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.595"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.592"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.587"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/open-agents-ai/v/0.187.589"}],"affected":[{"package":{"name":"open-agents-ai","ecosystem":"npm","purl":"pkg:npm/open-agents-ai"},"versions":["0.187.591","0.187.593","0.187.596","0.187.594","0.187.590","0.187.588","0.187.595","0.187.592","0.187.587","0.187.589"],"database_specific":{"cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"},{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/npm/open-agents-ai/MAL-2026-4628.json","indicators":{"evidence_files":[{"path":"dist/postinstall-daemon.cjs","tlsh":"12d2c675a6ea203439a3f2bd9b1f5019766af1133514de1078bc72546fcc82d02b6efa","sha256":"7fe6dbf9c7db9dbc0decd6ca0c308af95bbb3fe7ea55fcac6e75254f32767735"},{"path":"package.json","tlsh":"5c634c13ae39587b23dbc28232192475cb3a915a55481458b0dccaed9b8dbfc937f393","sha256":"83ededb5d8eacc964fefbf433bd8f3ffbede2a9fab113c7f3a2beab5c5306dc8"}],"package_integrity":[{"hashes":{"sha1":"964553a48d1d8ff4bdae8d8a450d79b08d3a8308","sha512_sri":"sha512-oKtCPcjYGdLy4OyYE5d+VxnM8OL34/uC8n5yQdzVtGNVeopnQvwP+NQPkLgq9e5uU5+r6JqeQkAGLyocvE9joQ=="},"filename":"open-agents-ai-0.187.591.tgz"}]}}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}