Which versions of skills-detector are malicious?

The following npm versions of skills-detector are flagged malicious: 2.0.4, 2.0.5. Treat any of these as compromised.

How do I remediate skills-detector if I installed it?

Remove skills-detector from your project and lockfile, then assume any secrets accessible to the build or runtime were exposed: rotate API keys, tokens, and credentials, and audit for unexpected outbound network activity or persistence. Use O3 Security's dependency scanner to confirm the package and its artifacts are fully purged across your stack.

Is skills-detector part of a known attack campaign?

Yes — skills-detector is associated with the IN-MAL-2026-004757, IN-MAL-2026-004758, GHSA-wxv4-4mmm-mmm9, IN-MAL-2026-005291 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

Can O3 Security detect skills-detector in my codebase?

Yes. O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, blocking skills-detector and packages like it before any post-install script runs.

Malicious package

skills-detectornpm

Malicious code in skills-detector (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4670

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall skills-detector

What this malware does

On npm install, postinstall.js executes whoami and id via child_process.execSync, collects os.hostname(), os.platform(), current working directory, and the CI / GITHUB_REPOSITORY / NODE_ENV environment variables, and sends them via HTTPS GET to the hardcoded host 0bcdniet6uubfi1lkxgx8qhpcgid65uu.oastify.com (Burp Collaborator out-of-band-exfiltration domain). It also issues a DNS lookup of <whoami>.0bcdniet6uubfi1lkxgx8qhpcgid65uu.oastify.com as a secondary OAST exfiltration channel. The package self-describes as a 'Security research canary' but is published on the public registry and runs unconditionally on any installer's machine, leaking host identity and CI/GitHub repository context to a third party.

Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.

The OpenSSF Package Analysis project identified 'skills-detector' @ 2.0.5 (npm) as malicious.

It is considered malicious because:

The package executes one or more commands associated with malicious behavior.

Malicious versions

2 flagged

2.0.42.0.5

Indicators of compromise (SHA-256)

844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3

af28b26c14bc396bcafb2883baa3676cd0514938039aa041a4d7ae376cbdeb6e

9af466aa8c67f5897bfd2f2361407e596caa4adfb77bc5ca813992ccd9f4302c

65daf45d03c11c27cbf1be53eefe496baf57ab0319078e92875e2cb3dd72aec1

17406a66f0d8d9c58cd4da3485ece81fa8ae3e68fe441a371ac7b7dea2c55c70

Frequently asked questions

No. skills-detector on npm has been identified as a malicious package (versions 2.0.4, 2.0.5 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004757IN-MAL-2026-004758GHSA-wxv4-4mmm-mmm9IN-MAL-2026-005291

References

Credits

Amazon Inspector · finder
OpenSSF: Package Analysis · finder

Scan your dependencies

O3 Security blocks malicious packages like this at install time and in CI.

Supply-chain protection