VYPR

npm · Malicious package advisory

Malware

@sheltr_/agent

MAL-2026-10469

Malicious code in @sheltr_/agent (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (0ecc4dcd6d76f100601f8b37a6b9c3aab899770ab361f2714f9193a2f8d0db78)
When the package's bin entry is run, it spawns an interactive PTY shell using $SHELL with the user's full process environment and HOME as the working directory, then opens a WebSocket connection to a hardcoded server at sheltr-server.up.railway.app. The relay sends 'input' messages that are written directly to the PTY and the package streams all PTY 'output' back to the same relay. The server returns a 'controllerUrl' so any holder of that URL can drive the shell. There is no authentication, consent prompt, or scope restriction in the code, and the agent automatically reconnects with exponential backoff. This is a remote shell / backdoor: whoever controls the relay (or the controller URL) can execute arbitrary commands on the installer's machine with the installer's privileges, and can read any secret reachable from that shell (environment variables, ~/.ssh, ~/.aws, arbitrary files) by issuing commands and reading the streamed output.

Compromised versions (1)

  • 1.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.