ai-co-scientist
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File
This module is not itself obfuscated malicious code, but it intentionally provides powerful primitives to execute arbitrary user-supplied Python and to stage/commit repository changes. The primary security risk is feature-driven: executing untrusted code with user privileges and automatically staging repository changes (git add -A). If this tool is used in untrusted environments or with untrusted collaborators, it enables code execution, data exfiltration, repository tampering, and accidental committing of secrets.
Recommended mitigations: run node execution inside hardened sandboxes/containers with network and FS restrictions, avoid git add -A (use allowlist or require explicit paths), prompt/authorize commits, sanitize inputs/paths, and treat node.code as untrusted by default.