Summary
The insight/ sub-project ships with package.json dependencies on @tanstack/react-router, @tanstack/react-router-devtools, and @tanstack/router-plugin. The GitHub Advisory Database lists these as malicious (CVE-2026-45321 + MAL-2026-3465 / 3466 / 3477) — malware that exfiltrates cloud credentials and GitHub tokens.
Affected paths (in context-mode@1.0.118)
insight/package.json:19 — @tanstack/react-router
insight/package.json:20 — @tanstack/react-router-devtools
insight/package.json:37 — @tanstack/router-plugin
insight/package.json:47 — vitest==3.0.5 (separate CVE-2026-47429, arbitrary file read/exec via UI server)
package.json:125 — vitest==4.0.18 (same CVE-2026-47429)
Impact
The /context-mode:ctx-insight skill description states "First run installs dependencies (~30s)". So the first time any user invokes that command, npm install runs in insight/ and the malicious @tanstack/* packages are downloaded and executed.
Reproduction
Detected by NVIDIA SkillSpector v2.1.5 static scan (no LLM analyzer, just dependency CVE matching):
context-mode/1.0.118/insight/package.json:19
Known Vulnerable Dependency: @tanstack/react-router
CVE-2026-45321 (Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens)
MAL-2026-3465 (Malicious code in @tanstack/react-router (npm))
Suggested fix
One of:
- Pin all @tanstack/* dependencies to known-clean post-advisory versions
- Drop the insight/ analytics dashboard or move it to a separate opt-in installer
- Replace @tanstack/react-router with an alternative router
Until fixed, local mitigation is rm -rf <plugin-cache>/context-mode/<version>/insight/ so accidental invocations fail safe.
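As an added example (not code from the context-mode project or from SkillSpector), a small Node script that does the kind of dependency matching described above against a package.json and also reports whether each flagged dependency is an exact pin, since a floating range resolves to whatever the registry serves on the next install. The sample manifest and its version ranges are constructed; only the package names and advisory IDs come from this report.

```javascript
// Added example, not code from the context-mode project.
// Audits a parsed package.json against the advisories named in this report.
const ADVISORIES = [
  // Name predicate plus advisory label, both taken from the report.
  { match: (name) => name.startsWith("@tanstack/"),
    id: "CVE-2026-45321 / MAL-2026-3465,3466,3477 (credential-exfiltrating malware)" },
  { match: (name) => name === "vitest",
    id: "CVE-2026-47429 (arbitrary file read/exec via UI server)" },
];

// npm treats "1.2.3" (optionally with a prerelease tag) as an exact pin;
// "^1.2.3", "~1.2.3", ">=1.2.3", "*" and dist-tags all float.
const EXACT_PIN = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Returns one finding per matched dependency across all dependency sections.
function auditPackageJson(pkg, file = "package.json") {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      const adv = ADVISORIES.find((a) => a.match(name));
      if (!adv) continue;
      findings.push({
        file, section, name, range, advisory: adv.id,
        pinned: EXACT_PIN.test(String(range).trim()),
      });
    }
  }
  return findings;
}

// Constructed sample mirroring the report's insight/package.json; the ranges
// are made up, the report only names the packages and vitest 3.0.5.
const SAMPLE_INSIGHT_PKG = {
  name: "insight",
  dependencies: {
    "@tanstack/react-router": "^1.0.0",
    "@tanstack/react-router-devtools": "^1.0.0",
    react: "^18.0.0",
  },
  devDependencies: { "@tanstack/router-plugin": "^1.0.0", vitest: "3.0.5" },
};

for (const f of auditPackageJson(SAMPLE_INSIGHT_PKG, "insight/package.json")) {
  console.log(`${f.file} [${f.section}] ${f.name}@${f.range}: ${f.advisory}` +
    (f.pinned ? "" : "  (floating range: pin exactly or remove)"));
}
```

To run it against a real manifest, replace SAMPLE_INSIGHT_PKG with `JSON.parse(fs.readFileSync(path, "utf8"))`.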
Happy to help test a patch.
— flagged via SkillSpector scan during a personal Claude Code plugin audit on 2026-06-16