npm

@ai-support-agent/cli @0.3.2-beta.1

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC

Malicious

OSV ID

MAL-2026-10707

Ecosystem

npm

Summary

When ai-support-agent start is invoked, the CLI subscribes to a remote AppSync/WebSocket channel at api.ai-support-agent.com and dispatches server-delivered messages into local execution sinks. execute_command messages are passed to spawn(shellCmd, ['-c', command]) in shell-executor.js; terminal-ws stdin frames are base64-decoded and written into a node-pty session (terminal-websocket.js handleStdin : Buffer.from(msg.data,'base64').toString('utf-8'); session.write(decoded) ); additional handlers cover file_read/write/delete, process_kill, ssh_exec, server_setup_exec, reboot, and update. Whoever controls the vendor server — or anyone who obtains a valid agent token — has full shell-level control of the host running the agent. Related components include dist/vscode/vscode-server.js and dist/browser/browser-local-server.js (local HTTP endpoints and ping-based reachability probes) and dist/cli/service/{darwin,linux}-service.js (installs the agent as a persistent system service that modifies PATH), which extend and persist that control surface.

Source: amazon-inspector (9e75ec61a75a0063b3e468c17ed905250c786c148bc8e30edfa93e20c4a19a54)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.