Malicious package

agentsync-tool (npm)

Malicious code in agentsync-tool (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-6444
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall agentsync-tool

What this malware does

The package advertises itself as a zero-dependency pure-JS markdown sync tool (~150 lines) but ships an undocumented 2.9 MB Windows PE binary at bin/native/parser.node (sha256 b1aace6c70312a39ca39e6bba1d9abc6aaf9b23171089b1a548adc89f67f83c3) with no source, no binding.gyp, and no mention in the README or CHANGELOG. src/index.js lines 30-34 attempt to load this binary via process.dlopen(module, p) at module load time, under the comment 'Load native parser for performance'.

The stated purpose of the native binary is contradicted both by the package's advertised functionality (trivial markdown sync that does not need a native parser) and by the README's explicit claim of 'zero dependencies, nothing to audit'. Loading an opaque native binary with dlopen executes arbitrary x64 code inside the Node process with full host privileges, and the bytes are inspectable only as a compiled artifact.

Additionally, the published name 'agentsync-tool' does not match the README's install instructions and badges, which advertise a separately published package, 'syncagents'. package.json's repository URL points at a non-git npm package page ('git+https://www.npmjs.com/package/syncagents.git'), and the author is a generic 'agentsync contributors'. The name confusion is consistent with riding the SEO of a legitimate sibling package to deliver the opaque binary to installers who follow the README instructions.
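The pattern described above (a prebuilt native image, no binding.gyp, and a process.dlopen call) can be checked mechanically against an unpacked package directory. The following Node.js script is an added example, not code from the package or from this advisory's vendor; the function names auditPackage and makeSample are hypothetical, and the sample package is constructed with placeholder bytes rather than the real binary.

```javascript
// Added example (not the package's or vendor's code): flag a package that ships
// a prebuilt native binary without a build recipe and calls process.dlopen.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Magic bytes: PE ("MZ"), ELF, 64-bit Mach-O.
const MAGICS = [Buffer.from('MZ'), Buffer.from([0x7f, 0x45, 0x4c, 0x46]),
  Buffer.from([0xcf, 0xfa, 0xed, 0xfe])];

function walk(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const p = path.join(dir, e.name);
    // Regular files only: symlinks and special files are skipped, never followed.
    return e.isDirectory() ? walk(p) : e.isFile() ? [p] : [];
  });
}

function isNativeImage(file) {
  const head = Buffer.alloc(4);
  const fd = fs.openSync(file, 'r');
  try { fs.readSync(fd, head, 0, 4, 0); } finally { fs.closeSync(fd); }
  return file.endsWith('.node') || MAGICS.some((m) => head.subarray(0, m.length).equals(m));
}

function auditPackage(pkgDir) {
  const files = walk(pkgDir);
  const rel = (f) => path.relative(pkgDir, f).split(path.sep).join('/');
  const binaries = files.filter(isNativeImage).map(rel);
  const hasBuildRecipe = files.some((f) => path.basename(f) === 'binding.gyp');
  const dlopenSites = files
    .filter((f) => /\.[cm]?js$/.test(f))
    .filter((f) => /process\.dlopen\s*\(/.test(fs.readFileSync(f, 'utf8')))
    .map(rel);
  return { binaries, hasBuildRecipe, dlopenSites,
    suspicious: binaries.length > 0 && !hasBuildRecipe };
}

// Constructed sample mirroring the advisory's layout (placeholder bytes only).
function makeSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'pkg-audit-'));
  fs.mkdirSync(path.join(root, 'bin', 'native'), { recursive: true });
  fs.mkdirSync(path.join(root, 'src'));
  fs.writeFileSync(path.join(root, 'bin', 'native', 'parser.node'), 'MZ-constructed');
  fs.writeFileSync(path.join(root, 'src', 'index.js'), 'process.dlopen(module, p);\n');
  return root;
}

console.log(auditPackage(makeSample()));
```

Packages with legitimate prebuilt addons also trip this check, so treat a hit as a triage signal to compare against what the package claims to be, as with the 'zero dependencies' claim here.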

Malicious versions

1 flagged
1.0.1

Indicators of compromise (SHA-256)

430fd9891020d33aa720cede12887f97615ac764bd8af19dc27f18bba4729c38

Detection & response playbook

  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for agentsync-tool (version 1.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging agentsync-tool across your stack and pipelines.

  2. If you installed it — respond

    Remove agentsync-tool from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound activity or persistence.

  3. Did it already run?

    If agentsync-tool was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks agentsync-tool before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. agentsync-tool on npm has been identified as a malicious package (version 1.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-007488

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks agentsync-tool-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the malicious outbound activity and severs the channel.
