polinrider-scan
CommunityScan for PolinRider supply-chain malware
System Documentation
What problem does it solve?
PolinRider is a DPRK/Lazarus supply-chain malware that targets JavaScript and Node.js developers by infecting build config files, malicious npm packages, and VS Code droppers to exfiltrate credentials, crypto assets, and propagate via git force-pushes. This Skill provides a comprehensive, no-dependency scan to identify active infections, residual indicators of compromise (IOCs), and propagation artifacts on both local project directories and entire global systems.
Core Features & Use Cases
- Active threat detection: Identifies running malware processes and live C2 connections to catch ongoing exfiltration in real time.
- Comprehensive IOC scanning: Checks source code, build configs, build caches, VS Code tasks, fake binary payloads, git hooks, and installed npm packages for known PolinRider signatures.
- Guided remediation: Provides step-by-step instructions to kill active threats, clean infected files, remove propagation scripts, and rotate compromised credentials.
- Use case: If you installed an affected npm package or used a compromised VS Code extension between March and April 2026, run this scan to confirm if your machine or projects are infected.
Quick Start
Trigger a scan by asking Claude to scan for PolinRider locally to check your current project, or scan for PolinRider globally to check your entire home directory.
Dependency Matrix
Required Modules
None requiredComponents
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: polinrider-scan Download link: https://github.com/finom/finom/archive/main.zip#polinrider-scan Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.