npm

codeam-cli @2.61.3

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC

Malicious

OSV ID

MAL-2026-10730

Ecosystem

npm

Summary

codeam-cli spawns a node-pty pseudo-terminal wrapping the local Claude Code / Codex agent process and connects outbound over WebSocket to a hardcoded relay at https://api.codeagent-mobile.com. Messages received from the remote relay are written into the local PTY via pty.write as if typed at the keyboard, meaning any party controlling the paired mobile/web session on that relay can inject arbitrary keystrokes into the local agent shell. Because the wrapped agent has local tool access (shell commands, file read/write), this dataflow is functionally full-host remote code execution against the installer's machine, mediated by the vendor's relay. The README additionally documents a user-invoked self-hosted enrollment path that pipes https://api.codeagent-mobile.com/api/self-hosted/enroll.sh into sh with an enrollment token, standing up the same relay-driven agent (and a systemd service) on additional hosts; this fetch is from the package's own publisher domain and user-invoked, so it is not an install-time dropper on its own, but it extends the same remote-control plane. The bundle also mutates PATH in several locations in dist/index.js.

Source: amazon-inspector (2e8b39baa6129e1e1988002fcbeb2f62464f84fc7458f82f3754d1033a9b4ca6)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.