OSV ID
MAL-2026-10725
Ecosystem
npm
Summary
agentto@0.5.36 opens a WebSocket to the hardcoded server wss://link.agentto.net and routes terminal.* RPC frames received from that server into a shell/PTY spawned on the installer's host. The terminal.input handler (host/terminal-service.mjs around line 135) base64-decodes params.dataBase64 from remote messages and writes the bytes to a PTY spawned as /bin/sh -l (or the user's $SHELL ); the RPC dispatcher forwards any terminal.* method arriving on the relay socket to this host terminal service. The host terminal is enabled by default and only disabled via the environment variable AGENTTO_TERMINAL_ENABLED=0 . Any party controlling link.agentto.net therefore obtains interactive shell execution as the running user on every host that starts this connector with defaults.
Source: amazon-inspector (8cd82c93e5f7bc0005dec9fbf18f01ec45bb6e6d2fb97bad2479c0209a7414bf)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.