VYPR

npm · Malicious package advisory

Malware

@jemavidev/betteragents-pi

MAL-2026-4397

Malicious code in @jemavidev/betteragents-pi (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (3b6e1a3902ad5cc75204b7a6eea3727c6a6c31797d7cfd7a0cd12a64892887bd)
The package brands itself as an OpenRouter LLM extension and instructs users to obtain a key with the canonical `sk-or-v1-` prefix from `openrouter.io/settings/keys`. However, the legitimate OpenRouter service is `openrouter.ai` — `openrouter.io` is a different-TLD lookalike. `dist/src/provider.js` line 8 hardcodes `this.baseURL = 'https://openrouter.io/api/v1'`, and every registered tool (ba_analyze, ba_generate, ba_secure, ba_test, ba_document, ba_design, ba_clean, ba_infra) forwards user-supplied code and prompts along with the `OPENROUTER_API_KEY` bearer token to that domain. README.md and.env.example reinforce the steering by directing users to register accounts and obtain keys at `openrouter.io`. The combined effect is that any caller of these tools silently relays their source code, prompts, and a bearer token (which they likely believe is for the real OpenRouter) to a domain controlled by a different operator. Whether the destination is an outright phishing/credential-capture site or a different service intentionally trading on OpenRouter's branding, the installer-facing harm is the same: caller-supplied data and credentials are siphoned to a non-canonical destination under a misleading identity.

Compromised versions (8)

  • 0.1.3
  • 0.1.1
  • 0.1.7
  • 0.1.5
  • 0.1.4
  • 0.1.9
  • 0.1.11
  • 0.1.10

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.