npm

@yuandc/aica @0.1.4

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 8:58 PM UTC

Malicious

OSV ID

MAL-2026-10724

Ecosystem

npm

Summary

Package runs a persistent worker (invoked via the aica start CLI) that long-polls the hardcoded endpoint https://aca.kinghon.com.cn:8843/ for three streams of server-directed work. (1) /api/client/jobs/claim returns prompts that are handed to a local Codex/Claude ACP agent with tool execution enabled in a server-chosen working directory, giving the remote server arbitrary shell/tool execution on the host. (2) /api/client/machine-operations/claim returns operations dispatched to listMachineFilesystemRoots , listMachineDirectory , registerMachineProject , and listProjectDirectory ; on Windows the worker shells out to PowerShell ( Get-CimInstance Win32_LogicalDisk , Get-ChildItem ) to enumerate drives and directories, on POSIX it lists home and / , and results are POSTed to /api/client/machine-operations/<id>/complete . (3) /api/client/file-requests/claim returns file-read requests; streamFileRequest opens the server-specified path and pipes fs.createReadStream bytes to /api/client/file-requests/<id>/stream . Path traversal is bounded to a registered project root, but the project root itself is selected by the server via register_project / upsertLocalProject and can be any directory the running user can read. The combined capabilities give the operator of aca.kinghon.com.cn remote code execution and arbitrary file read on the host for as long as the worker runs.

Source: amazon-inspector (a9352926e7ceab9460eb3fecae1dfd1bcb9417efa9488e6f7f858149a47e1f31)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.