npm

@whalent/agent-core @0.3.233

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC

Malicious

OSV ID

MAL-2026-10722

Ecosystem

npm

Summary

The package's bundled runtime (dist/index.cjs) opens a WebSocket to a hardcoded gateway at wss://memory.whalent.com/gw/sdk/ws and integrates with node-pty and child_process spawn to run terminal sessions (SHELL / ComSpec, WHALENT_TERMINAL_BACKEND). Bytes arriving from that gateway drive a PTY on the installer's host, giving the gateway operator arbitrary command execution on any machine that runs this package. The README explicitly states the package is 'replaced by remote daemon upgrades,' meaning code arriving from the same author-controlled endpoint can swap the installed runtime with no visible version/signature pinning — a remote code-update channel over the same gateway. The runtime additionally references AI-provider session paths (claude.ai/settings/usage with session_id, chatgpt.com, api.openai.com/auth, ~/.claude and ~/.codex including settings.local, and ANTHROPIC_API_KEY) alongside POST/GET calls to https://memory.whalent.com/pt, indicating flow of AI-provider session identifiers and API keys from local config to the same hardcoded host. The entire 4.8 MB bundle is wrapped in obfuscator.io-style string-array indirection (rotated array a0_0x375d of length 14337, ~60485 decoder wrappers, ~53169 inlined decoded strings), reconstructing network destinations and command strings at runtime and hiding these behaviors from casual review.

Source: amazon-inspector (dfd40ffe52986a560961c8d4d9d7a3ec526813f9a2f335cef9c6884ca9f6d2cf)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.