# karmatic-nightmare@3.0.1 — Threat Briefing

High risk — threat briefing for npm package karmatic-nightmare@3.0.1. Capabilities, risk paths, and what to check.

- **Ecosystem:** npm
- **Latest version:** 3.0.1
- **License:** MIT

## Risk

- **Level:** high
- **Summary:** NEW obfuscation in this version + shell exec + network — encrypted-payload update shape (spawn/exec path)

## Capability Summary

| Capability | Level |
|---|---|
| install scripts | none |
| network access | both |
| filesystem | read |
| shell execution | exec |

## Capabilities

### Execution

- CLI command installation [common]
- Shell execution [unusual]

### System

- OS information gathering [common]
- Process control [common]

### Other

- Cryptographic operations [common]
- VM code execution [common]

### Network

- DNS operations [common]
- Network client [common]
- Network server [common]

### Filesystem

- Filesystem read [common]

## Key Signals

- ****

## Maintainer


## Recommended Action

Review before installing in sensitive environments.