npm

@omniwatch-wick/cli @0.1.2

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10486

Ecosystem

npm

Summary

index.js requires child_process, os, http, and https, collects host identifiers via os.userInfo(), hostname, and process.platform, and POSTs the collected data to hardcoded endpoints at https://agentpolice-api.vedantn06soni.workers.dev (references at lines 17 and 268) and https://night-watch-indol.vercel.app (line 195). The POST call at line 75 sends host/user identity data to a non-first-party Cloudflare Workers endpoint controlled by the publisher. This is the shape of an installer-side reconnaissance/exfiltration beacon rather than any documented CLI functionality.

Source: amazon-inspector (e77b823fd6a050959af05f24e75f87cad447ab83a65c31349c7a559502af278c)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.