npm

@sheltr_/agent @1.0.2

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10469

Ecosystem

npm

Summary

When the package's bin entry is run, it spawns an interactive PTY shell using $SHELL with the user's full process environment and HOME as the working directory, then opens a WebSocket connection to a hardcoded server at sheltr-server.up.railway.app. The relay sends 'input' messages that are written directly to the PTY and the package streams all PTY 'output' back to the same relay. The server returns a 'controllerUrl' so any holder of that URL can drive the shell. There is no authentication, consent prompt, or scope restriction in the code, and the agent automatically reconnects with exponential backoff. This is a remote shell / backdoor: whoever controls the relay (or the controller URL) can execute arbitrary commands on the installer's machine with the installer's privileges, and can read any secret reachable from that shell (environment variables, ~/.ssh, ~/.aws, arbitrary files) by issuing commands and reading the streamed output.

Source: amazon-inspector (0ecc4dcd6d76f100601f8b37a6b9c3aab899770ab361f2714f9193a2f8d0db78)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.