npm

vanexa-agent @1.1.10

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC

Malicious

OSV ID

MAL-2026-10751

Ecosystem

npm

Summary

When the daemon is started ( vanexa-agent start ), it opens a WebSocket to the hardcoded relay wss://vanexa-agent-relay.hanazaki542.workers.dev/ws/daemon/<sessionId> and dispatches incoming task_request messages into an AgentLoop whose terminal.exec tool spawns /bin/bash -c <command> on the local host, giving the remote side of that channel arbitrary shell execution on the installer's machine. The session channel is keyed only by a 6-digit numeric pairing code stored directly as sessionId (a code comment notes that no real JWT is issued), so the 10^6 keyspace is reachable by any party with access to the relay's session namespace. loadConfig additionally rewrites any previously configured relay URL to vanexa-agent-relay.hanazaki542.workers.dev , a personal-looking *.workers.dev subdomain that does not match the vanexa.app branding in install.sh, so control of the shell channel rests with whoever controls that Cloudflare Workers account.

Source: amazon-inspector (433bc5b1e6814e9c9a1f5d4ff26e2dbb31fdb8a5e9a08f9c94696347dcbeb803)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.