The openai-agents-helpers npm package (version 1.3.2) includes a postinstall script that harvests sensitive information from the installer’s environment, such as SSH public keys (email comments), AWS and GCP credentials, GitHub CLI user data, git commit metadata, hostname, username, and CI provider details. This data is exfiltrated via HTTPS POST to a hardcoded endpoint not affiliated with OpenAI. The package falsely presents itself as an official OpenAI tool, misleading users. The data collected is valuable for attackers conducting targeted phishing or account takeover campaigns. This malicious behavior triggers automatically on installation without opt-in, violating expected package behavior and user trust.

Sensitive identity and cloud environment data is exfiltrated from the host system to an attacker-controlled server. This includes SSH key mappings, cloud service account details, GitHub user information, and local system identifiers. Such data can facilitate targeted phishing, social engineering, and account takeover attacks. The automatic execution on install increases risk by compromising systems immediately upon package installation. The package’s deceptive branding further increases the likelihood of victim trust and exploitation.

No official patch or remediation is currently documented. Users should avoid installing openai-agents-helpers version 1.3.2 and any untrusted packages presenting as OpenAI tools. Audit existing installations for suspicious network activity or presence of this package. Remove the package if found. Monitor for updates or vendor advisories for official fixes. Since this is a malicious package, rely on trusted sources and package registries for verification before installation.