https://github.com/raalarcon9705/detect-project-malware

Agent skill that scans a project for supply-chain and infostealer patterns across JS/TS, Python, shell, configs and package.json. Works with Claude Code, Codex, Cursor, Gemini CLI, Antigravity and 40+ other agents.

agent-skill antigravity claude-code codex cursor gemini-cli incident-response infostealer malware-detection ripgrep security-scanner skill-md skills-sh static-analysis supply-chain-security


# detect-project-malware

An AI agent [Skill](https://skills.sh/) that audits an entire project for
supply-chain and infostealer patterns **without executing any of the suspect
code**. It works as a `SKILL.md` — compatible with Claude Code, Codex, Cursor,
OpenCode, Gemini CLI, Antigravity, and 40+ other agents that implement the
[Agent Skills open standard](https://github.com/vercel-labs/skills).

Built after a real incident where a contributor injected an obfuscated
credential-stealing payload into `postcss.config.js`, got it reverted, and
re-injected it weeks later behind an unrelated feature commit. The skill
automates the detection and the git-history attribution so the same class of
attack can be caught in seconds instead of days.

## What it catches

Covers JS/TS/JSX/TSX, Python, shell (bash/zsh/fish), Ruby, Go, PHP, Perl,
PowerShell, Dockerfiles, Makefiles, YAML, `package.json` install hooks, and all
JS/TS tooling configs. Groups hits into 14 categories:

- `JS_OBFUSCATION`, `JS_EVAL`, `JS_ESM_ESCAPE`, `JS_NATIVE_EXEC`
- `PY_EVAL`, `PY_NATIVE_EXEC`, `PY_REVERSE_SHELL`
- `SHELL_REMOTE_EXEC` — `curl | sh`, `bash <(curl …)`, `base64 -d | bash`, …
- `SHELL_REVERSE_SHELL` — `/dev/tcp/…`, `nc -e`, `bash -i >& /dev/tcp/…`
- `SHELL_PERSISTENCE` — `.bashrc` / `authorized_keys` / crontab / LaunchAgents / systemd
- `SHELL_DISABLE_SECURITY` — `setenforce 0`, `chattr -i`, iptables flush
- `CRED_BROWSER`, `CRED_SSH`, `CRED_CLOUD`, `CRED_TOKENS`, `CRED_WALLETS`,
  `CRED_PRIVATE_KEYS`, `CRED_DISCORD`
- `NET_EXFIL` — Telegram bots, Discord/Slack webhooks, ngrok/transfer.sh, DNS beacons
- `MINING` — stratum, xmrig, coinhive, etc.
- `SUPPLY_CHAIN` — `postinstall` / `preinstall` / `prepare` hooks that fetch or exec
- `CONFIG_ANOMALY` — oversized single lines in config files (classic payload hiding spot)

See [PATTERNS.md](PATTERNS.md) for the full catalog with severity and typical
false-positive shapes.

## Install

### Via the `skills` CLI (Vercel Labs, works with 45+ agents)

```bash
npx skills add raalarcon9705/detect-project-malware
```

This auto-detects your installed agents (Claude Code, Codex, Cursor, OpenCode,
Gemini CLI, Antigravity, …) and places the skill in each agent's skills
directory. Install for a specific agent only:

```bash
npx skills add raalarcon9705/detect-project-malware --agent claude-code
npx skills add raalarcon9705/detect-project-malware --agent codex
npx skills add raalarcon9705/detect-project-malware --agent cursor
```

### Manual install

Clone the repo into the skills directory of your agent of choice:

| Agent | Path |
| -------------- | ------------------------------------------ |
| Claude Code | `~/.claude/skills/detect-project-malware` |
| Codex | `~/.codex/skills/detect-project-malware` |
| Cursor | `~/.cursor/skills/detect-project-malware` |
| Gemini CLI | `~/.gemini/skills/detect-project-malware` |
| Antigravity | `~/.antigravity/skills/detect-project-malware` |
| Generic | `~/.agents/skills/detect-project-malware` |

```bash
git clone https://github.com/raalarcon9705/detect-project-malware.git \
~/.claude/skills/detect-project-malware
```

## Usage

Once installed, tell your agent:

> Scan this repo for malware / supply-chain issues

Or invoke the scripts directly from any project root:

```bash
bash ~/.claude/skills/detect-project-malware/scripts/scan.sh
```

Typical output:

```
=== detect-project-malware scan ===
root: /Users/you/Development/your-repo
scanned: 713 file(s) in 2s
result: 3 suspicious file(s)

Categories seen:
CRED_TOKENS 2 match(es)
JS_ESM_ESCAPE 1 match(es)

● /Users/you/Development/your-repo/postcss.config.js
[JS_ESM_ESCAPE] createRequire
● /Users/you/Development/your-repo/test-goals.sh
[CRED_TOKENS] jwt-candidate
```

For any hit, attribute the injection commit:

```bash
bash ~/.claude/skills/detect-project-malware/scripts/find-injection.sh \
path/to/file.js --root .
```

Produces a CLEAN / INFECTED / INJECTED / CLEANED history walk plus the exact
`git show` command to restore the last clean version.
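
The history walk described above, as an added example that is not the project's `find-injection.sh`: `history_states` and `classify_walk` are hypothetical helpers, `grep -E` stands in for the scanner's ripgrep rules, and the meaning given to each of the four labels is an assumption. The sample history is constructed and mirrors the inject, revert, re-inject sequence from the incident.

```shell
#!/usr/bin/env bash
# Added example; not the project's find-injection.sh.

# history_states FILE REGEX  (hypothetical helper)
# Emits "<commit> <0|1>" oldest first; 1 means REGEX matched that revision.
# Revisions are read with `git show` and piped to grep, never executed.
# Run from the repository root so "<commit>:FILE" resolves.
history_states() {
  git log --reverse --format=%h -- "$1" | while read -r rev; do
    # Skip commits where the path does not exist (e.g. it was deleted).
    content=$(git show "$rev:$1" 2>/dev/null) || continue
    if printf '%s\n' "$content" | grep -Eq -e "$2"; then
      echo "$rev 1"
    else
      echo "$rev 0"
    fi
  done
}

# classify_walk FILE  (hypothetical helper)
# Assumed label meanings: INJECTED = indicator appears, INFECTED = still
# present, CLEANED = indicator removed, CLEAN = absent before and after.
classify_walk() {
  awk -v file="$1" '
    { hit = ($2 == 1) }
    hit  && !prev { label = "INJECTED" }
    hit  &&  prev { label = "INFECTED" }
    !hit &&  prev { label = "CLEANED" }
    !hit && !prev { label = "CLEAN" }
    { print $1, label; prev = hit; if (!hit) last_clean = $1 }
    END {
      # Only suggest a restore when the newest revision is still infected.
      if (prev && last_clean != "")
        print "restore: git show " last_clean ":" file " > " file
    }
  '
}

# Constructed history reproducing the revert-then-reinject pattern.
demo_walk() {
  printf '%s\n' 'a1f0 0' 'b2e1 1' 'c3d2 0' 'd4c3 1' 'e5b4 1' |
    classify_walk postcss.config.js
}

# Real use: history_states FILE 'createRequire' | classify_walk FILE
demo_walk
```

The second `INJECTED` line is the one that matters in a re-injection case: it names the commit to review, and the restore line points at the revert that preceded it.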

## Repository layout

```
detect-project-malware/
├── SKILL.md              ← entry point (YAML frontmatter + workflow)
├── PATTERNS.md           ← category catalog with severity & FP guidance
├── SECURITY.md           ← threat model & how the scripts are safe to run
├── scripts/
│   ├── scan.sh           ← ripgrep-based, multi-language scanner
│   ├── patterns.txt      ← editable rule catalog (CATEGORY|name|regex)
│   └── find-injection.sh ← git-history attribution for a single file
├── LICENSE
└── README.md
```

## Requirements

- [ripgrep](https://github.com/BurntSushi/ripgrep) (`rg`) — the scanner uses it
for the fast file traversal and pattern matching.
- `bash` 3.2+ (scripts tested against macOS default bash and modern Linux).
- `git` 2.0+ (only for `find-injection.sh`).

## How it's safe to run

None of the scripts ever run a suspect file through `source`, `eval`, `node`,
`python`, `bash`, or any other interpreter. They only **read** content through
ripgrep and `awk`, so they are safe to point at a repo you already suspect is
compromised.

See [SECURITY.md](SECURITY.md) for the threat model, scope, and what the skill
explicitly does **not** do.

## Contributing

Patterns live in `scripts/patterns.txt`. Format per line:

```
CATEGORY|name|regex
```

Lines starting with `#` and blank lines are skipped. Regex flavor: ripgrep
default (Rust regex, no look-around). When adding a new pattern, update
`PATTERNS.md` with a severity note and typical false-positive shape.
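
A check to run on new rules before committing them, as an added example that is not part of the repository: `lint_patterns` is a hypothetical helper, and it assumes the regex field is everything after the second `|` and that category names follow the upper-case style listed under "What it catches". The sample rules are constructed.

```shell
#!/usr/bin/env bash
# Added example; not part of the detect-project-malware repository.

# lint_patterns FILE  (hypothetical helper)
# Prints "line N: problem" for each defect and returns 1 if any were found.
lint_patterns() {
  awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
    /^#/ || /^[ \t]*$/ { next }   # comments and blank lines are skipped
    {
      n = split($0, f, "[|]")
      if (n < 3) { bad("expected CATEGORY|name|regex"); next }
      # Assumption: the regex is everything after the second "|", so
      # alternation such as (a|b) inside the regex stays intact.
      regex = substr($0, length(f[1]) + length(f[2]) + 3)
      # Assumption: categories follow the README naming, e.g. JS_EVAL.
      if (f[1] !~ /^[A-Z][A-Z0-9_]*$/) bad("category is not UPPER_SNAKE_CASE")
      if (f[2] == "") bad("empty name")
      if (regex == "") bad("empty regex")
      # Heuristic for unescaped look-around: (?= (?! (?<= (?<!
      if (regex ~ /(^|[^\\])[(][?](=|!|<=|<!)/) bad("look-around is not supported")
      if (seen[f[1] "|" f[2]]++) bad("duplicate CATEGORY|name")
    }
    END { exit (errors > 0) }
  ' "$1"
}

# Constructed sample rules, written to a temp file for the demo.
demo_lint() {
  tmp=$(mktemp)
  printf '%s\n' \
    '# constructed sample' \
    '' \
    'JS_EVAL|eval-call|\beval\s*\(' \
    'NET_EXFIL|webhook|(discord|slack)\.com/api/webhooks' \
    'js_eval|lowercase|foo' \
    'CRED_SSH|private-key|id_rsa(?!\.pub)' \
    'MINING|stratum' \
    'JS_EVAL|eval-call|eval' > "$tmp"
  lint_patterns "$tmp"; status=$?
  rm -f "$tmp"
  return "$status"
}

demo_lint || echo "patterns file has problems"
```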

## License

[MIT](LICENSE) © 2026 Reynier Rivero