Malicious package

whiteboard-agent (npm)

Malicious code in whiteboard-agent (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4729
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall whiteboard-agent

What this malware does

On npm install, scripts/postinstall.js fetches a companion-<platform>-<arch> binary from github.com/palmthree-studio/whiteboard-agent/releases/download/nightly/... This is a mutable release tag (not pinned to package version 1.4.24), and the download has no SHA/signature verification. The script chmods the binary to 0755 and, in non-TTY installs (CI, agent, scripted environments), spawns it detached. The same non-TTY path generates an admin account with a random 16-hex password, starts the companion HTTP server on 127.0.0.1:3001 with COMPANION_LOCALHOST_BYPASS=1, then spawns cloudflared tunnel --url http://localhost:3001, publishing the local server to a public *.trycloudflare.com URL.

The combination is install-time-triggered remote ingress: anyone who learns or guesses the tunnel URL can reach the companion API on the installer's host without authentication beyond the random credential, which is itself generated and stored locally without user notification. The README documents wendy start performing tunnel exposure interactively, but does not warn that npm install itself does this silently in non-interactive environments, which is the typical CI / build-agent / container scenario.

Independently, the nightly mutable-tag binary fetch means every install (and reinstall/update) pulls whatever bytes are at that tag at that moment; a stolen publish credential or a future malicious push compromises every installation without any version bump.

Malicious versions

2 flagged: 1.4.23, 1.4.24

Indicators of compromise (SHA-256)

1439bfcea8e17e7548b566977c8ff1c319abaaaf97ac845ef8ec253c9ed1299f
ae14bab8e5a11636f7a395fccf88119f5294c3639c8f71b6b2e3f199282bb584
1f81bb09fa354423bc8eb9b247ae087f1e52ed976b6a027ef8219bc758292bce
31b31b26999860c740d57ded85fededdb4d999069d2df83ee6e60809b56bb57e

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for whiteboard-agent (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging whiteboard-agent across your stack and pipelines.

  2. If you installed it — respond

    whiteboard-agent is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If whiteboard-agent was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks whiteboard-agent before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
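
Step 1 of the playbook above, as an added example (not O3's code and not code from the package): a JavaScript function that searches a parsed package-lock.json for whiteboard-agent and marks the two flagged versions. The sample lockfile, including the demo-app, left-pad and tooling names and the 1.4.22 entry, is constructed for illustration.

```javascript
// Added example: find whiteboard-agent in a parsed package-lock.json and
// mark the versions this advisory flags (1.4.23, 1.4.24).
const FLAGGED = { name: "whiteboard-agent", versions: new Set(["1.4.23", "1.4.24"]) };

// Returns [{ path, version, flagged }] for every copy of the package found.
function findWhiteboardAgent(lock) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, flagged: FLAGGED.versions.has(version) });

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // meta.name is set for aliased installs; otherwise take the last
    // node_modules segment so nested (transitive) copies match too.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === FLAGGED.name) record(path, meta.version);
  }

  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === FLAGGED.name) record(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both maps; skip the tree to avoid duplicate hits.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/whiteboard-agent": { version: "1.4.24" },
    "node_modules/tooling/node_modules/whiteboard-agent": { version: "1.4.22" },
  },
};
console.log(findWhiteboardAgent(sampleLock));
```

To check a real project, pass the function the result of JSON.parse on the lockfile contents. Copies at other versions are still returned with flagged: false so they can be reviewed rather than silently ignored.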

Frequently asked questions

No. whiteboard-agent on npm has been identified as a malicious package (versions 1.4.23, 1.4.24 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-003236, IN-MAL-2026-003246, IN-MAL-2026-003247, IN-MAL-2026-003235

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks whiteboard-agent-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

whiteboard-agent (npm) malicious package — MAL-2026-4729 | O3 Security