The hydanlabs npm package hardcodes its large language model backend to a plaintext HTTP endpoint at a bare IP address controlled by the package author. Upon installation and use, it sends detailed system reconnaissance data including hostname, username, home path, current working directory, CPU model, RAM, and disk usage, along with user prompts and API keys in plaintext Authorization headers. The backend responds with specially tagged commands that the client automatically executes locally without user consent, including shell commands and file operations. This design allows the backend operator to execute arbitrary commands remotely on any machine running the affected hydanlabs versions, effectively providing a remote shell. The user API key is also persisted insecurely in the user's home directory. This is a malicious package behavior rather than a legitimate AI service integration.

An attacker controlling the backend server can execute arbitrary shell commands on any system running the affected hydanlabs versions, leading to full remote code execution. Sensitive system information and user API keys are exposed in plaintext to the attacker, risking credential theft and further compromise. The automatic execution of commands without user confirmation enables stealthy and persistent control over affected hosts.

No official patch or fix is currently documented for this malicious package. Users should immediately uninstall the affected hydanlabs versions (=1.0.2, =1.0.3, =1.3.0, =1.3.2) and avoid using this package. Review and revoke any API keys potentially exposed. Monitor for unauthorized access and consider rotating credentials. Since this is a malicious package, do not trust updates from the same source without verification. Patch status is not yet confirmed — check the vendor advisory or trusted sources for any remediation guidance.