
Threat Database

Supply chain threat intelligence for AI agent code. Sigil's cloud threat database tracks malicious packages, attack patterns, and known bad actors across npm, PyPI, and git ecosystems.

1,590+ threats tracked · Updated daily · Pro & Team plans

Threat categories

Install Hook Exploits

Malicious code in setup.py cmdclass, npm postinstall, and Makefile install targets that execute on package install.

340+ patterns · Phase 1

Credential Exfiltration

Packages that access environment variables, SSH keys, AWS credentials, or API keys and transmit them to external servers.

180+ patterns · Phase 4

Obfuscated Payloads

Base64-encoded execution, hex string decoding, String.fromCharCode chains, and minified backdoors designed to evade manual review.

250+ patterns · Phase 5

Network Exfiltration

Outbound HTTP calls, webhook callbacks, socket connections, ngrok tunnels, and DNS tunneling hidden in package code.

210+ patterns · Phase 3

Dangerous Code Patterns

Use of eval(), exec(), pickle.loads(), subprocess with shell=True, __import__(), and child_process.exec in unexpected contexts.

520+ patterns · Phase 2

Provenance Anomalies

Packages with single-commit histories, no verifiable author, binary blobs, hidden files, or filesystem manipulation.

90+ patterns · Phase 6

Recent findings

critical · SIGIL-2026-0142 · 2026-02-18

aws-sdk-layer typosquat with credential exfiltration

Typosquatting @aws-sdk/client-layer. Postinstall script reads AWS credentials from ~/.aws/credentials and POSTs them to an external endpoint.

npm · Install Hooks

critical · SIGIL-2026-0139 · 2026-02-16

flask-security-utils Base64 reverse shell

setup.py install command decodes a Base64-encoded reverse shell payload and executes it via subprocess.Popen.

PyPI · Obfuscation

high · SIGIL-2026-0135 · 2026-02-14

react-auth-helper with DNS tunneling

Encodes environment variables into DNS TXT record queries to an attacker-controlled nameserver, bypassing HTTP monitoring.

npm · Network / Exfil

high · SIGIL-2026-0131 · 2026-02-12

mcp-server-utils MCP config extraction

Reads Claude Desktop MCP configuration files to extract API keys and server endpoints. Targets AI developers specifically.

npm · Credentials

medium · SIGIL-2026-0128 · 2026-02-10

langchain-community-tools eval injection

Uses eval() on user-provided LLM output strings without sanitization. Allows arbitrary code execution through crafted agent responses.

PyPI · Code Patterns
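As an added illustration of the install-hook, obfuscation and dangerous-code patterns listed under the threat categories and in the flask-security-utils finding above, the following Python script performs the kind of static check a scanner would run before a package is installed. It is example code written for this page, not Sigil's detection engine, and the package.json and setup.py it inspects are constructed samples (the Base64 blob decodes to a harmless "echo hi").

```python
import ast
import json
# Constructed sample inputs (hypothetical package, not a real finding): a package.json
# with a postinstall hook, and a setup.py whose install command runs a decoded shell string.
PACKAGE_JSON = json.dumps({"name": "example-pkg", "scripts": {
    "postinstall": "node ./scripts/collect.js", "test": "jest"}})
SETUP_PY = '''
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install
class PostInstall(install):
    def run(self):
        subprocess.Popen(base64.b64decode("ZWNobyBoaQ==").decode(), shell=True)
        install.run(self)
setup(name="example-pkg", cmdclass={"install": PostInstall})
'''
NPM_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
SETUPTOOLS_COMMANDS = {"install", "develop", "egg_info", "build_py"}
DANGEROUS_CALLS = {"eval", "exec", "__import__", "pickle.loads", "os.system",
                   "subprocess.Popen", "subprocess.run", "base64.b64decode"}

def npm_install_hooks(manifest: str) -> dict:
    """Lifecycle scripts in package.json that npm runs automatically at install time."""
    scripts = json.loads(manifest).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in NPM_HOOKS}

def _call_name(node: ast.Call):
    """Resolve 'func' or 'module.func' for a call node; deeper attribute chains give None."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute) and isinstance(node.func.value, ast.Name):
        return f"{node.func.value.id}.{node.func.attr}"
    return None

def scan_setup_py(source: str) -> list:
    """(kind, detail, lineno) findings: install hooks and dangerous calls in a setup.py."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):  # custom command subclassing a setuptools command
            findings += [("install-hook", f"subclass of {b.id}", node.lineno) for b in node.bases
                         if isinstance(b, ast.Name) and b.id in SETUPTOOLS_COMMANDS]
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append(("install-hook", "setup(cmdclass=...)", node.lineno))
            elif name in DANGEROUS_CALLS:  # shell=True is noted separately as the riskier form
                shell = any(kw.arg == "shell" and getattr(kw.value, "value", None) is True
                            for kw in node.keywords)
                findings.append(("dangerous-call", name + (" shell=True" if shell else ""), node.lineno))
    return findings
```

Any install-hook finding combined with a dangerous call in the same file is the signature worth blocking on; a lone cmdclass override is common in legitimate packages and only warrants review.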

How threat intelligence works

1. Detect

Automated scanners and community reports identify malicious packages across npm, PyPI, and git.

2. Analyze

Threats are classified by attack vector, severity, and ecosystem. Signatures are added to the detection engine.

3. Protect

Pro and Team users receive real-time threat intelligence during scans. New signatures are pushed automatically.