This is exactly why we’re building Nipmod
Software discovery needs a trust layer before execution, for humans AND for AI agents. Exact package version, install hooks, provenance, risk signals, approval boundary.
@MsftSecIntel happy to compare notes
https://t.co/lM4xDkJkZx
Microsoft has identified an npm supply chain compromise impacting 90+ redhat-cloud-services/* packages, including patch-client 4.0.4, insights-client 4.0.4, rbac-client 9.0.3, host-inventory-client 5.0.3, frontend-components 7.7.2, and others. The payload is a self-propagating worm that infects other npm packages and self-publishes.
Each compromised package adds a malicious preinstall hook, embedding an index.js script in the package.json that silently executes “node index.js” during installation, downloads Bun, and runs a payload that steals secrets from npm, GitHub, Amazon Web Services (AWS), and Secure Shell (SSH). The added code bloats index.js from ~8KB to ~4.3MB, acting as a heavily obfuscated ROT-9 eval loader.
If any of the compromised packages are installed, users and organizations should assume compromise, rotate credentials, revert to a previously trusted version, and block compromised packages. Identified compromised npm packages have been taken down, and we continue to work with the npm team. Microsoft continues to investigate this attack and will publish updates as more information is available.
Welcome @_ditro to Nipmod!
He will focus on security infrastructure, including safe code execution, sandboxing architecture, latency optimization, and privacy / zero-knowledge research.
He brings backend experience across automation, infrastructure optimization, and secure environments.
Step by step, we are bringing in the right people to build Nipmod into something that matters.
This is exactly what we’re here for:
AI agents shouldn’t blindly trust web pages, READMEs, package metadata, model cards or MCP descriptions.
All of that is untrusted input until provenance, sandboxing and execution gates prove otherwise.
Use @nipmod.
⚠️ New ChatGPT Vulnerability Lets Attackers Turn Web Pages Into Phishing Payloads
Source: https://t.co/mjxOMbnRRX
A browser-based prompt injection technique that transforms any web page into a phishing delivery surface by exploiting ChatGPT’s page summarization feature, rendering attacker-controlled links, fake security alerts, and QR codes directly inside the trusted ChatGPT interface.
The attack builds on the same trust-transfer logic previously demonstrated against Microsoft Copilot, where attacker-crafted email content could manipulate AI-generated summaries through Cross Prompt Injection Attacks (XPIA).
ChatGPhish escalates that premise by swapping the bounded email primitive for the browser where users spend the majority of their working day.
#cybersecuritynews #vulnerability
For people who are not deep in tech, this is the simplest way to understand Nipmod:
Imagine the internet before Google.
Everything existed, but finding the right thing was painful.
Imagine knowledge before Wikipedia.
Information existed, but there was no clean place to understand it quickly.
That is roughly where AI agents are today with packages, models, repos and tools.
They can write code. They can install software. They can connect APIs. They can use MCP servers.
But before they touch a workspace, they still need a clean way to search, understand and judge what they are about to use.
That is what we are building.
A search and intelligence layer for AI agents before they touch external code, models or tools.
Google helps humans find things. Wikipedia helps humans understand things. Nipmod helps agents find, understand and preflight the technical things they want to use.
It does not replace npm, PyPI, GitHub, Hugging Face or MCP.
It sits above them and gives agents context, trust signals and safe install plans before execution.
That may sound simple.
But so did search before the internet became impossible to navigate without it.
We just shipped the public integration surface for Nipmod:
Agents and infra teams can now evaluate how Nipmod fits into their stack before they integrate it.
Partner entry:
https://t.co/uvzvovplq8
Agent-readable integration pack:
https://t.co/Fp4Ml0na7I
The hosted API is read-only:
no workspace writes, no package execution, no private workspace data required.
Core API access is protected with beta keys.
This is still beta, but this is the point where Nipmod becomes easier to test, integrate and build around.
If you are building agents, devtools, wallets, MCP servers or onchain infra, we want to talk.
Raw JSON and methodology are public:
If anyone has a harder package, model, repo or MCP case, send it.
The point is not to make the benchmark easy for Nipmod.
The point is to make the preflight layer harder, stricter and more useful for real agents.
Full benchmark:
https://t.co/ju4rQJ6rUz
Raw JSON:
https://t.co/qrEH9YSLUm
We ran a public benchmark for the part of package security that matters most for agents:
what an agent knows before it installs a package, pulls a model, reuses a repo or connects an MCP server.
Report: https://t.co/MXXeRhDQSV
+ a Thread for more information
Full benchmark:
https://t.co/MXXeRhDQSV
GitHub:
https://t.co/RjpL6EthlX
Nipmod is the package intelligence layer for AI agents. The work now is to keep proving it in public.
We are publishing this early because we want harder cases.
Send us confusing package names, weak metadata, suspicious install behavior, model reuse risks, MCP server ambiguity and real agent workflows.
If an agent might touch it, Nipmod should learn how to inspect it better.