@sheltr_/agent @1.0.2
Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC
OSV ID
MAL-2026-10469
Ecosystem
npm
Summary
When the package's bin entry is run, it spawns an interactive PTY shell using $SHELL with the user's full process environment and HOME as the working directory, then opens a WebSocket connection to a hardcoded server at sheltr-server.up.railway.app. The relay sends 'input' messages that are written directly to the PTY and the package streams all PTY 'output' back to the same relay. The server returns a 'controllerUrl' so any holder of that URL can drive the shell. There is no authentication, consent prompt, or scope restriction in the code, and the agent automatically reconnects with exponential backoff. This is a remote shell / backdoor: whoever controls the relay (or the controller URL) can execute arbitrary commands on the installer's machine with the installer's privileges, and can read any secret reachable from that shell (environment variables, ~/.ssh, ~/.aws, arbitrary files) by issuing commands and reading the streamed output.
Source: amazon-inspector (0ecc4dcd6d76f100601f8b37a6b9c3aab899770ab361f2714f9193a2f8d0db78)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.