Employee workstation security scanner for Livly Technologies. Detects and helps remove vulnerable packages across developer workstations.
Active Scanners:
- TeamPCP / GitHub Breach (May 2026) — Detects compromised VS Code extensions, C2 domain references, exposed credentials, compromised packages, and FIRESCALE backdoor signatures from the TeamPCP hacking group breach of GitHub
- Axios Supply Chain Attack (March 2026) — Detects compromised npm axios versions, malicious transitive dependencies, RAT artifacts, and C2 indicators
- LiteLLM Vulnerability — Detects vulnerable litellm installations across all Python environments, AI coding tools, package managers, Docker, and more
On May 20, 2026, the TeamPCP hacking group breached GitHub's internal infrastructure using a poisoned VS Code extension installed on a GitHub employee's device. They exfiltrated ~3,800 internal repositories. This scanner checks developer workstations for indicators of compromise (IoCs) related to this breach.
References: BleepingComputer · The Hacker News
macOS:

```bash
chmod +x executables/TeamPCP-Scan-Mac.command
bash executables/TeamPCP-Scan-Mac.command
```

Or double-click the .command file in Finder after running the chmod step once.

Windows: Double-click `executables\TeamPCP-Scan-Windows.bat`
| # | Check | Details |
|---|---|---|
| 1 | VS Code extensions audit | Detects Nx Console v18.95.0 (compromised version used in attack) |
| 2 | Extension modification timestamps | Flags extensions with code modified in the last 7 days (supply chain tampering) |
| 3 | C2 domain search | Searches extensions + source for git-service.com, m-kosche.com (TeamPCP C2 infrastructure) |
| 4 | Credential file access | Checks permissions and access times on .npmrc, .pypirc, .docker/config.json, etc. |
| 5 | npm/PyPI token exposure | Finds tokens committed to git repos (should be gitignored) |
| 6 | Shell history secrets | Scans bash/zsh history for leaked PATs, API keys, bearer tokens |
| 7 | Compromised packages | Checks for durabletask (PyPI 1.4.1-1.4.3), plain-crypto-js, FIRESCALE git signatures |
| 8 | DNS / network indicators | Checks DNS cache and active connections for C2 communication |
| 9 | GitHub PAT / SSH key age | Flags old SSH keys (>1 year) and environment variable tokens |
| 10 | MCP config secrets | Finds plaintext secrets in .vscode/mcp.json / .cursor/mcp.json files |
Results are saved to ~/teampcp-scan-results.txt and posted to the team Slack channel.
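The following is an added example, not the repo's TeamPCP scanner: a stripped-down, offline version of checks 3, 4 and 6 from the table above (C2 domain references, over-permissive credential files, token-shaped secrets in shell history). The domains and credential file names are the ones listed in this README; the token regex, the sample home directory and the placeholder "tokens" in it are constructed for the example. Findings are reported by file and line number only, so the scan output never copies a secret into the results file or Slack.

```bash
#!/usr/bin/env bash
# Added example, not the repo's TeamPCP scanner: offline versions of checks 3, 4 and 6
# (C2 domain references, over-permissive credential files, token-shaped secrets in shell
# history). Domains and file names are those listed in this README; the sample home
# directory below is constructed and the "tokens" in it are placeholders.

C2_DOMAINS='git-service.com m-kosche.com'
CRED_FILES='.npmrc .pypirc .docker/config.json'
# Token shapes that can be matched without knowing the secret: GitHub classic PATs (ghp_),
# fine-grained PATs (github_pat_), npm tokens (npm_) and any "Bearer <token>" header.
SECRET_RE='ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{20,}|npm_[A-Za-z0-9]{36}|Bearer [A-Za-z0-9._-]{20,}'

# Check 3: files under $1 that reference a known C2 domain.
scan_c2_domains() {
  for d in $C2_DOMAINS; do
    re=$(printf '%s' "$d" | sed 's/\./\\./g')      # escape dots for grep -E
    grep -rEl -- "$re" "$1" 2>/dev/null |
    while IFS= read -r f; do
      printf 'C2 domain %s referenced in %s\n' "$d" "$f"
    done
  done
}

# Check 4: credential files under home directory $1 that are readable by group or others.
scan_cred_perms() {
  for rel in $CRED_FILES; do
    f="$1/$rel"
    [ -f "$f" ] || continue
    if [ -n "$(find "$f" -maxdepth 0 \( -perm -004 -o -perm -040 \) 2>/dev/null)" ]; then
      printf 'WEAK PERMISSIONS on %s (expected 0600)\n' "$f"
    fi
  done
}

# Check 6: history lines containing token-shaped strings. Only the line number is reported,
# so the scan output itself never copies the secret into the results file or Slack.
scan_history_secrets() {
  for h in "$1/.bash_history" "$1/.zsh_history"; do
    [ -f "$h" ] || continue
    grep -nE -- "$SECRET_RE" "$h" 2>/dev/null | cut -d: -f1 |
    while IFS= read -r n; do
      printf 'SECRET-SHAPED string in %s line %s\n' "$h" "$n"
    done
  done
}

# Constructed sample home: one extension referencing a C2 domain, a world-readable .npmrc,
# a correctly locked-down docker config, and placeholder tokens in two history files.
make_sample_home() {
  local home ph
  home=$(mktemp -d)
  ph=CONSTRUCTEDPLACEHOLDERVALUE000000000        # 36 characters, not a real token
  mkdir -p "$home/.docker" "$home/.vscode/extensions/some.ext/out"
  printf 'fetch("https://git-service.com/update")\n' > "$home/.vscode/extensions/some.ext/out/main.js"
  printf '//registry.npmjs.org/:_authToken=placeholder\n' > "$home/.npmrc"
  chmod 644 "$home/.npmrc"
  printf '{}\n' > "$home/.docker/config.json"
  chmod 600 "$home/.docker/config.json"
  {
    printf 'git pull\n'
    printf 'export GH_TOKEN=ghp_%s\n' "$ph"
    printf 'curl -H "Authorization: Bearer constructed.bearer.token.value" https://example.invalid/\n'
    printf 'ls -la\n'
  } > "$home/.bash_history"
  printf ': 1700000000:0;npm config set //registry.npmjs.org/:_authToken npm_%s\n' "$ph" > "$home/.zsh_history"
  printf '%s\n' "$home"
}

SAMPLE_HOME=$(make_sample_home)
scan_c2_domains "$SAMPLE_HOME"       # 1 finding
scan_cred_perms "$SAMPLE_HOME"       # 1 finding
scan_history_secrets "$SAMPLE_HOME"  # 3 findings (bash lines 2 and 3, zsh line 1)
```

Run it against a real home directory by passing `"$HOME"` instead of the constructed sample; the permission check uses `find -perm` rather than `stat` so it behaves the same on macOS and Linux.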
By default, the scanner checks ~/Documents, ~/Projects, ~/Developer, ~/repos, ~/dev, ~/code, ~/workspace, ~/Desktop. Override with:

```bash
TEAMPCP_SCAN_DIRS="/path/to/projects:/another/path" bash executables/TeamPCP-Scan-Mac.command
```

If the scan detects findings, take these actions based on severity:
Critical (C2 domains / active connections / compromised extensions):
- Disconnect from network IMMEDIATELY
- Notify your security team — do NOT continue working on the machine
- Uninstall compromised extensions and clear VS Code extension cache
- Review git commits for unauthorized changes
High (Exposed secrets / tokens):
- Rotate ALL exposed credentials immediately
- Add credential files to .gitignore and purge them from git history (`git filter-branch` or BFG)
- Use environment variables instead of hardcoded secrets
- Review GitHub audit log for unauthorized access
Medium (Old SSH keys / history secrets):
- Rotate SSH keys older than 1 year
- Clear secrets from shell history (`history -c` or edit `~/.zsh_history`)
- Audit PAT scopes at github.com/settings/tokens
- Enable GitHub push protection to prevent future secret commits
Compromised versions of the axios npm package (axios@1.14.1, axios@0.30.4) were published on March 31, 2026, as part of a supply chain attack. The compromised versions inject plain-crypto-js@4.2.1, which deploys a cross-platform RAT (Remote Access Trojan) targeting macOS, Windows, and Linux via a postinstall script.
References: StepSecurity Blog · The Hacker News · Socket Analysis
macOS:

```bash
chmod +x executables/Axios-Scan-Mac.command
bash executables/Axios-Scan-Mac.command
```

Or double-click the .command file in Finder after running the chmod step once.

Windows: Double-click `executables\Axios-Scan-Windows.bat`
| # | Check | Details |
|---|---|---|
| 1 | RAT artifacts | /Library/Caches/com.apple.act.mond (macOS), %PROGRAMDATA%\wt.exe (Windows), /tmp/ld.py (Linux) |
| 2 | node_modules axios versions | Recursive scan of all node_modules/axios/package.json for versions 1.14.1 or 0.30.4 |
| 3 | Lock files | Scans package-lock.json, yarn.lock, pnpm-lock.yaml for compromised version references |
| 4 | Malicious packages | Searches for plain-crypto-js, @shadanai/openclaw, @qqbrowser/openclaw-qbot in node_modules |
| 5 | C2 indicators | Searches for C2 domain sfrclak.com and beacon URL packages.npm.org/product in JS/JSON files |
| 6 | npm global packages | Checks globally installed packages for compromised versions and malicious packages |
| 7 | npm cache | Checks for cached compromised tarballs and malicious package artifacts |
Results are saved to ~/axios-scan-results.txt and posted to the team Slack channel.
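The following is an added example, not the repo's scan-axios-supply-chain-*.sh: an offline version of checks 2, 3 and 4 from the table above (compromised axios versions under node_modules, compromised pins in lock files, malicious package names). The version numbers and package names are the indicators quoted in this README; the sample project tree is constructed. The lock-file check is a heuristic that reads the axios entry plus the two lines after it, which covers the npm, yarn and pnpm lock formats without needing jq.

```bash
#!/usr/bin/env bash
# Added example, not the repo's scan-axios-supply-chain-*.sh: an offline version of
# checks 2-4 (installed axios versions, lock files, malicious package names).
# The indicators are the ones listed in this README; the sample tree is constructed.

COMPROMISED_AXIOS_RE='1\.14\.1|0\.30\.4'   # axios@1.14.1 and axios@0.30.4
MALICIOUS_PKGS='plain-crypto-js @shadanai/openclaw @qqbrowser/openclaw-qbot'

# Read the "version" field of a package.json without jq (first match wins).
pkg_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Check 2: every node_modules/axios/package.json under $1 pinned to a compromised version.
scan_installed_axios() {
  find "$1" -type f -path '*/node_modules/axios/package.json' 2>/dev/null |
  while IFS= read -r pkg; do
    ver=$(pkg_version "$pkg")
    if printf '%s\n' "$ver" | grep -Eq "^($COMPROMISED_AXIOS_RE)$"; then
      printf 'COMPROMISED axios %s in %s\n' "$ver" "$pkg"
    fi
  done
}

# Check 3: lock files (outside node_modules) that resolve axios to a compromised version.
# The first grep pulls the axios entry plus two following lines so all three formats are
# covered: package-lock.json ("node_modules/axios": {"version": ...}), yarn.lock
# (axios@^1.14.0: / version "1.14.1") and pnpm-lock.yaml (/axios@1.14.1:).
scan_lock_files() {
  find "$1" -type f \( -name package-lock.json -o -name yarn.lock -o -name pnpm-lock.yaml \) \
       ! -path '*/node_modules/*' 2>/dev/null |
  while IFS= read -r lock; do
    if grep -E -A2 '(^|["/ ])axios@|"node_modules/axios"' "$lock" 2>/dev/null |
       grep -Eq "(^|[^0-9.])($COMPROMISED_AXIOS_RE)([^0-9]|$)"; then
      printf 'COMPROMISED axios pinned in %s\n' "$lock"
    fi
  done
}

# Check 4: malicious packages installed anywhere under node_modules (scoped names included).
scan_malicious_pkgs() {
  for name in $MALICIOUS_PKGS; do
    find "$1" -type d -path "*/node_modules/$name" 2>/dev/null |
    while IFS= read -r dir; do
      printf 'MALICIOUS package %s at %s\n' "$name" "$dir"
    done
  done
}

# Constructed sample tree: one compromised install plus lock file, one clean project,
# one malicious package.
make_sample_tree() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/app/node_modules/axios" "$root/app/node_modules/plain-crypto-js" \
           "$root/ok/node_modules/axios"
  printf '{ "name": "axios", "version": "1.14.1" }\n' > "$root/app/node_modules/axios/package.json"
  printf '{ "name": "axios", "version": "1.14.0" }\n' > "$root/ok/node_modules/axios/package.json"
  printf '{\n  "packages": {\n    "node_modules/axios": {\n      "version": "1.14.1"\n    }\n  }\n}\n' \
    > "$root/app/package-lock.json"
  printf 'axios@^1.14.0:\n  version "1.14.0"\n' > "$root/ok/yarn.lock"
  printf '%s\n' "$root"
}

SAMPLE_ROOT=$(make_sample_tree)
scan_installed_axios "$SAMPLE_ROOT"   # 1 finding
scan_lock_files "$SAMPLE_ROOT"        # 1 finding
scan_malicious_pkgs "$SAMPLE_ROOT"    # 1 finding
```

To scan real projects, call the three functions with each of the directories the scanner would normally walk (the AXIOS_SCAN_DIRS list) instead of the constructed sample root.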
By default, the scanner checks ~/Documents, ~/Projects, ~/Developer, ~/repos, ~/dev, ~/code, ~/workspace, ~/Desktop. Override with:

```bash
AXIOS_SCAN_DIRS="/path/to/projects:/another/path" bash executables/Axios-Scan-Mac.command
```

If the scan detects findings, take these actions immediately:
- Disconnect from network if RAT artifacts were found
- Downgrade axios to `1.14.0` or `0.30.3`
- Remove `plain-crypto-js` from `node_modules`
- Delete RAT artifacts:
  - macOS: `rm -f /Library/Caches/com.apple.act.mond`
  - Windows: Delete `%PROGRAMDATA%\wt.exe`
  - Linux: `rm -f /tmp/ld.py`
- Rotate ALL credentials and secrets on the machine
- Block egress traffic to `sfrclak[.]com`
- Audit CI/CD pipelines for runs that installed affected versions
- Notify your security team
- Clone this repo and open it in VS Code
- Open Copilot Chat
- Type `@LiteLLMScanAgent` and press Enter
- The agent auto-detects your OS, runs the scan, reports findings, and walks you through removal if needed
Scans your machine for litellm and automatically posts results. No setup required.
macOS:

```bash
chmod +x executables/LiteLLM-Scan-Mac.command
bash executables/LiteLLM-Scan-Mac.command
```

Or double-click the .command file in Finder after running the chmod step once.

Windows: Double-click `executables\LiteLLM-Scan-Windows.bat`
Results are printed to the terminal and saved to ~/litellm-scan-results.txt.
The scripts perform 13 checks on your machine:
| # | Check | Details |
|---|---|---|
| 1 | PATH | Is litellm binary accessible from your terminal? |
| 2 | All pip installations | System pip, Homebrew pip, Xcode CLT pip, etc. |
| 3 | pyenv environments | Every Python version managed by pyenv |
| 4 | conda / mamba / miniforge | Every conda environment |
| 5 | pipx | Globally installed Python CLI tools |
| 6 | Package managers | Homebrew (Mac) / winget, Chocolatey, Scoop (Windows) |
| 7 | Virtual environments | .venv, venv, env dirs in ~/Documents, ~/Projects, ~/dev, etc. |
| 8 | pip cache | Downloaded but potentially uninstalled artifacts |
| 9 | AI agent tools | Cursor, Continue, Cline, Aider, Cody, Tabby, Ollama, LM Studio |
| 10 | VS Code extensions | Both stable and Insiders editions |
| 11 | Docker | Images and running containers |
| 12 | Filesystem | litellm config files, directories, and general file search |
| 13 | MCP servers | Parses MCP configs (VS Code, Cursor, Claude Desktop, Cline), checks Python-based server dependencies via uv/uvx tool environments, and scans npm global packages |
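The following is an added example, not the repo's scan-litellm-*.sh: the filesystem side of checks 3, 7 and 13 above. It walks whatever roots it is given (pyenv versions, project venvs, uv tool environments) for a site-packages directory holding a litellm distribution, reads the installed version from the dist-info METADATA, and prints the pip command that removes it from that environment, which mirrors the per-environment manual steps later in this README. The sample tree and its version strings are constructed placeholders, and a POSIX `lib/pythonX.Y` or Windows `Lib` layout is assumed when deriving the environment root.

```bash
#!/usr/bin/env bash
# Added example, not the repo's scan-litellm-*.sh: the filesystem side of checks 3, 7 and 13.
# It walks the roots given as arguments (pyenv versions, project venvs, uv tool environments,
# or anything else) for site-packages directories holding a litellm distribution and reports
# the owning environment and installed version. The tree below is constructed and its
# version numbers are placeholders.

# Print "<env_root> <version>" for every litellm-*.dist-info found under the given roots.
# The environment root is the path up to (not including) lib/pythonX.Y or Lib (Windows venvs).
find_litellm_installs() {
  for root in "$@"; do
    find "$root" -type f -path '*/site-packages/litellm-*.dist-info/METADATA' 2>/dev/null |
    while IFS= read -r meta; do
      env_root=${meta%%/[Ll]ib/*}
      ver=$(sed -n 's/^Version: //p' "$meta" | head -n 1)
      printf '%s %s\n' "$env_root" "${ver:-unknown}"
    done
  done
}

# Print the uninstall command for a finding, matching the manual steps in this README
# (pip inside the environment; pyenv interpreters and uv tool environments both carry one).
# Assumes the POSIX bin/ layout; a Windows venv keeps pip under Scripts\ instead.
removal_hint() {
  printf '%s/bin/pip uninstall litellm -y\n' "$1"
}

# Constructed sample: litellm in a pyenv interpreter, a project venv and a uv tool environment,
# plus one clean venv. Version strings are placeholders, not real releases.
make_sample_tree() {
  local root sp dir
  root=$(mktemp -d)
  for sp in ".pyenv/versions/3.12.1/lib/python3.12/site-packages:0.0.1" \
            "Projects/app/.venv/lib/python3.11/site-packages:0.0.2" \
            ".local/share/uv/tools/sometool/lib/python3.12/site-packages:0.0.3"; do
    dir="$root/${sp%%:*}/litellm-${sp##*:}.dist-info"
    mkdir -p "$dir" "$root/${sp%%:*}/litellm"
    printf 'Metadata-Version: 2.1\nName: litellm\nVersion: %s\n' "${sp##*:}" > "$dir/METADATA"
  done
  mkdir -p "$root/Projects/clean/.venv/lib/python3.11/site-packages/requests-0.0.1.dist-info"
  printf '%s\n' "$root"
}

SAMPLE_ROOT=$(make_sample_tree)
# Paths with spaces would need a different separator; the constructed tree has none.
find_litellm_installs "$SAMPLE_ROOT" | while read -r env ver; do
  printf 'litellm %s in %s -> %s\n' "$ver" "$env" "$(removal_hint "$env")"
done
```

On a real machine, pass `~/.pyenv/versions`, `~/.local/share/uv/tools`, and the project directories the scanner walks; conda environments follow the same `envs/<name>/lib/pythonX.Y/site-packages` layout and are found the same way.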
A critical vulnerability was disclosed in LiteLLM — a Python-based LLM proxy/gateway by BerriAI. While all Livly repositories have been audited and confirmed clean (zero exposure), AI coding agents like Cursor, Continue, Aider, and Cline may install Python tooling — including litellm — as transitive dependencies on developer machines.
This scanner ensures no employee workstation is running the vulnerable package.
- 88 non-archived repositories scanned across the entire `livly-tech` GitHub organization
- Zero direct or transitive dependencies on litellm
- Livly's stack (.NET/NuGet, TypeScript/npm, Swift/CocoaPods, Kotlin/Gradle) cannot depend on PyPI packages
- Zero Python projects exist anywhere in the organization
If the scan detects litellm on your machine, use the @LiteLLMScanAgent Copilot agent for guided removal, or follow these manual steps:
pip:

```bash
pip3 uninstall litellm -y
pip3 list | grep -i litellm   # verify
```

pyenv:

```bash
~/.pyenv/versions/<VERSION>/bin/pip uninstall litellm -y
```

conda:

```bash
conda activate <ENV_NAME>
pip uninstall litellm -y
conda deactivate
```

pipx:

```bash
pipx uninstall litellm
```

Virtual environment:

```bash
source /path/to/.venv/bin/activate
pip uninstall litellm -y
deactivate
```

Docker:

```bash
docker stop <CONTAINER>
docker rm <CONTAINER>
docker rmi <IMAGE>
```

pip cache:

```bash
pip3 cache remove litellm
```

Config files:

```bash
rm -rf ~/.litellm ~/.litellm.env ~/.config/litellm
rm -f ~/litellm_config.yaml ~/litellm-config.yaml
```

uv tools:

```bash
# Remove the uv tool that pulled in litellm
uv tool uninstall <TOOL_NAME>
# Or just remove litellm from the tool's isolated environment
~/.local/share/uv/tools/<TOOL_NAME>/bin/pip uninstall litellm -y
```

After removal, re-run the scan to verify your machine is clean.
```
Livly.SecurityScanner/
├── README.md                                  # This file
├── scripts/
│   ├── scan-axios-supply-chain-mac.sh         # Axios scanner — macOS (universal)
│   ├── scan-axios-supply-chain-windows.ps1    # Axios scanner — Windows PowerShell
│   ├── scan-litellm-mac-arm.sh                # LiteLLM scanner — Apple Silicon Mac
│   ├── scan-litellm-mac-intel.sh              # LiteLLM scanner — Intel Mac
│   └── scan-litellm-windows.ps1               # LiteLLM scanner — Windows PowerShell
├── executables/
│   ├── Axios-Scan-Mac.command                 # Axios Mac launcher (posts to Slack)
│   ├── Axios-Scan-Windows.bat                 # Axios Windows launcher
│   ├── LiteLLM-Scan-Mac.command               # LiteLLM Mac launcher (posts to Slack)
│   ├── LiteLLM-Scan-Windows.bat               # LiteLLM Windows launcher
│   └── LiteLLM-Scan-Windows-Reporter.ps1      # LiteLLM Windows results reporter
└── .github/
    └── agents/
        └── LiteLLMScanAgent.agent.md          # VS Code Copilot agent (LiteLLM)
```
- macOS: Bash (pre-installed)
- Windows: PowerShell 3.0+ (pre-installed on Server 2012+)
- Copilot Agent: VS Code with GitHub Copilot extension
No additional dependencies required. The scripts use only built-in OS tools.