npm

@cyberrant-rantai/rantai @1.0.15

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 8:58 PM UTC

Malicious

OSV ID

MAL-2026-10709

Ecosystem

npm

Summary

runtime/local_agent.py opens a Socket.IO client connection to a hardcoded server at https://app.cyberrant.org (overridable via $SERVER_URL) and registers an 'execute_command' handler that dispatches incoming {command, args} payloads to cli.task_executor.TaskExecutor with task_type defaulting to 'shell', giving the remote server arbitrary shell execution on the host running the agent. runtime/cli/web_connector.py enrolls the CLI itself against CYBERRANT_WS_URL (default https://api.cyberrant.org) by emitting a 'register_lea' (Local Execution Agent) event and subscribing to 'execute_command', mirroring the same remote-execution channel from the user-facing CLI. Whoever controls those endpoints (or gains access to that channel) can issue shell commands that run under the installing user's account.

Source: amazon-inspector (41d1dbf6fb83f9a7c4c4b94ee40255e86910714400e249fec55b031e809c92bd)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.