← Home / ECOSYSTEM SECURITY

The software you depend on, watched in real time.

A continuous analysis engine for the supply chain — every newly published package, extension, and marketplace artifact is fetched, the delta to the previous version computed, and a kill-chain verdict rendered. Typosquats, injected install hooks, obfuscated droppers, and compromised dependencies, caught as they ship.

Analyses run

Active malicious

Suspicious

Compromised versions

Malicious by dependency

Analysed last 24h

Live · firehose connected
SURFACES

Every place code comes from.

Package registries, extension stores, IDE & AI marketplaces, and build pipelines — one analysis engine across all of them.

AGENT SKILLS

The skills your agent loads, vetted first.

A SKILL.md is instructions your AI agent will follow — and code it may run. Nithic scans every agent skill and instruction file (SKILL.md, CLAUDE.md, AGENTS.md, Cursor & Copilot rules) locally, on the box, before it ever loads — for prompt-injection and bundled payloads. public skills scanned and counting.

Prompt override

ignore-previous · role-hijack

Text that tries to override the agent's system prompt or your operator policy — "ignore all previous instructions", impersonating the system or developer role.

Secret exfiltration

read-secrets → send

Steps that read credentials (.env, .aws, .ssh, tokens) and ship them outward — the steal-and-send kill chain, whether in prose or a bundled script.

Destructive commands

rm -rf · disk wipe

Whole-home or system destruction smuggled into an innocuous-looking "setup" step.

Tool abuse

over-broad tool calls

Skills that steer the agent into dangerous tools — shell, file delete, money movement — well beyond their stated purpose.

Fetch-and-obey

curl … | sh · remote instructions

"Download this and do what it says" — pulling a second-stage payload or instruction set from a remote host at run time.

Hidden unicode

zero-width · homoglyph

Invisible and look-alike characters that conceal an instruction from a human reviewer — but not from the model.

Bundled scripts get the same shell-payload kill-chain analysis as supply-chain packages. Clean skills never leave your machine — only a flagged one is sent for deeper cloud + LLM review. The same sensor watches the MCP servers your agents connect to, risk-classifying every tool call and blocking the dangerous ones by policy.

LIVE FEED

Caught shipping.

The most recent malicious packages flagged by the engine. inherited = own code is clean but it pulls in a compromised dependency.

Connecting to live feed…
CAMPAIGNS

Connected threats.

Inheritance and delta analysis turn isolated detections into mapped campaigns.

The easy-day-js dropper

npm · typosquat · obfuscated install hook

A dayjs typosquat shipping the real library verbatim alongside an injected, obfuscated postinstall that downloads bss.exe from a throwaway Cloudflare tunnel and runs it. Caught on publish by the obfuscation + auto-exec kill chain.

The @mastra publish wave

npm · dependency injection · 8 packages

Eight @mastra/* packages, each published one patch above the current release, each injecting easy-day-js as a dependency — then pulled from the registry. Dependency inheritance flagged all eight as malicious-by-dependency while their own code stayed clean.

Compromise-on-update detection

delta analysis · previously-clean → dangerous

The headline supply-chain pattern: a trusted package that newly introduces a self-damning act in a single version. Delta-weighted scoring surfaces the change, not just the capability.