AUR Compromised - Almost 2000 packages affected - 20260611

AI is in some cases more helpful than randos - in my experience. Demonizing AI is also the wrong way, because it is mostly trained by educated humans and has access to a lot of reading material in any case. But this is the wrong place to discuss AI, and every person has their own point of view. Just keep in mind that a medal always has two sides.

Most of what we have to do now, and what the AUR team is now doing, has already been said.

I know how -bins and PKGBUILDs work; you can hide malicious stuff in bin packages too. It’s not the first time in this thread that -bin packages were mentioned separately. Once they were mentioned as if they were safer than compiled ones, and I was annoyed, because I asked about three times about the update process before someone finally linked something.

Right now it looks like someone manually approves every update to every package from the AUR. That seems like a lot of work. I don’t know how many packages there are, but I wouldn’t be surprised if it’s a few hundred at least.

I still think it would be good to have a separate repo for the AUR packages, because right now you have to check on the package page to see if it’s from the AUR. Also, apparently there are people who only use pacman and don’t get anything with AUR helpers.

:rofl:

No, it’s not. It’s trained by whatever content the AI companies could get their grubby little hands on, and whatever the ouroboros crapped out.

I agree, it’s just another tool in the toolbox. It’s like people telling you not to use a power screwdriver because you have better control with the hand-held one. I use both.

curl -s https://cscs.pastes.sh/raw/aurvulntest20260611.sh | bash

Is this being updated to check for the latest stuff going on or is there a new one to keep checking all the current infected items?

@mattsteg Why are you laughing? If you don’t know how to personalize your AI, you’re a loser. Every AI can be personalized! Tell it to stop hallucinating and it does it. I’ve used and tested many AIs, and if you don’t believe it, it’s your problem.

And if you think the way you do at this moment, you should stop using any kind of technology and become Amish. Almost everything is made by “grubby little hands” - your clothes too! If you don’t know how to use things FOR YOU, you’re simply completely lost!

As Kornnugget said: AI is just a tool in a toolbox. If you don’t know how to use it right, just leave it in the box and don’t blame it for your failings, or learn how to use it right.

@Ryhner Every time.

If that was actually true then it’d just be in the system prompt.

I assure you I am not wearing a shirt made of human flesh.

Not the place to be discussing the efficacy of AI chat bots. Please take it somewhere else.

If it comes up in the context of informing or helping people with any questions or difficulties that have arisen from this whole deal, then by all means, but this most certainly isn’t that.

…and another thread that goes completely off the road over time. Guys, really, is it so hard to stick to a topic, or to open another thread to discuss something else?

For your interest.

aur-malware-check

I got the source from…

My personal fzf for aur-malware-check

aur-malware-check.sh -h
Usage: /home/user/bin/aur-malware-check.sh [OPTIONS]
Options:
  --check-systemd    Scan for unknown systemd services (Restart=always)
  --check-ebpf       Check for eBPF rootkit traces (/sys/fs/bpf/hidden_*)
  --check-npm-cache  Check npm cache for packages listed in malicious_npm_packages.txt
  --check-bun-cache  Check bun cache for packages listed in malicious_npm_packages.txt
  --check-pkgbuild   Scan AUR helper caches for obfuscated malicious commands in PKGBUILD/install files
  --full             Enable all checks
  --refresh          Download the latest package list before scanning
  --verbose, -v, --debug    Verbose output (--debug also enables set -x)
  --log-file=PATH           Write full detail log to PATH (auto: aur-check-<date>.log)
  --package-list=PATH       Custom infected AUR package list (default: ./package_list.txt)
  --malicious-npm-list=PATH Custom malicious npm package name list (default: ./malicious_npm_packages.txt)
  --all-time                Disable recency window — flag any installed infected
                            package regardless of install date (for cross-campaign checks)
  --no-notify               Suppress the desktop notification on detection
  --help, -h                Show this help
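The help text above describes a package-list check with an install-date window (`--package-list`, `--all-time`). What follows is an added example of how such a check can be done on its own, not code from this thread, from aur-malware-check or from cscs. It assumes the pacman local database layout (`/var/lib/pacman/local/<pkg>-<ver>/desc` files with `%NAME%`, `%VERSION%` and `%INSTALLDATE%` records) and GNU `date`; the package names, install dates and list contents in `demo` are constructed sample data, and `demo`, `desc_to_record`, `installed_records`, `clean_list` and `check_infected` are names chosen for this example.

```shell
#!/usr/bin/env bash
# Added example (not the thread's script and not aur-malware-check itself):
# cross-check installed packages against an "infected AUR packages" list,
# with an optional install-date cutoff (cutoff 0 behaves like --all-time).
# Assumes the pacman local-db layout under /var/lib/pacman/local and GNU date.
set -u

# Turn one local-db "desc" file (on stdin) into "name<TAB>version<TAB>installdate".
# The desc format is "%KEY%" on its own line, value lines, then a blank line.
desc_to_record() {
  awk '
    /^%[A-Z]+%$/ { key = substr($0, 2, length($0) - 2); next }
    NF == 0      { next }
    key == "NAME"        { name  = $0 }
    key == "VERSION"     { ver   = $0 }
    key == "INSTALLDATE" { idate = $0 }
    END { if (name != "") printf "%s\t%s\t%s\n", name, ver, idate + 0 }
  '
}

# Emit one record per installed package found under a local-db directory.
installed_records() {
  local db="${1:-/var/lib/pacman/local}" d
  for d in "$db"/*/; do
    [ -f "$d/desc" ] && desc_to_record < "$d/desc"
  done
}

# Normalise a package list: drop comments, whitespace and blank lines.
clean_list() {
  sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | sort -u
}

# Read records on stdin; print packages whose name is in the list and whose
# install date is at or after the cutoff (epoch seconds; 0 = any time).
check_infected() {
  local list="$1" cutoff="${2:-0}" name ver idate names tab
  tab="$(printf '\t')"
  names="$(clean_list "$list")"
  while IFS="$tab" read -r name ver idate; do
    [ -n "$name" ] || continue
    if printf '%s\n' "$names" | grep -qxF -- "$name" && [ "$idate" -ge "$cutoff" ]; then
      printf '%s %s (installed %s)\n' "$name" "$ver" "$(date -u -d "@$idate" +%F)"
    fi
  done
}

# Constructed demo data standing in for a real local db and package list.
# Returns the findings for a given cutoff so the result can be checked.
demo() {
  local cutoff="${1:-0}" tmp
  tmp="$(mktemp -d)"
  mkdir -p "$tmp/db/manuskript-0.16.1-1" "$tmp/db/yay-12.4.2-1" "$tmp/db/python-nodejs-wheel-22.3.0-1"
  # install dates: 2026-05-28, 2026-06-03, 2026-06-11 (constructed)
  printf '%%NAME%%\nmanuskript\n\n%%VERSION%%\n0.16.1-1\n\n%%INSTALLDATE%%\n1780000000\n\n' \
    > "$tmp/db/manuskript-0.16.1-1/desc"
  printf '%%NAME%%\nyay\n\n%%VERSION%%\n12.4.2-1\n\n%%INSTALLDATE%%\n1780500000\n\n' \
    > "$tmp/db/yay-12.4.2-1/desc"
  printf '%%NAME%%\npython-nodejs-wheel\n\n%%VERSION%%\n22.3.0-1\n\n%%INSTALLDATE%%\n1781200000\n\n' \
    > "$tmp/db/python-nodejs-wheel-22.3.0-1/desc"
  printf '# constructed list, not the real one\nmanuskript\npython-nodejs-wheel \n\n' > "$tmp/list.txt"
  installed_records "$tmp/db" | check_infected "$tmp/list.txt" "$cutoff"
  rm -rf "$tmp"
}

# Real run against the live database (world-readable, no root needed):
#   installed_records | check_infected ./package_list.txt "$(date -d 2026-06-01 +%s)"
# Same check with no recency window, like --all-time:
#   installed_records | check_infected ./package_list.txt 0
```

With the constructed data, `demo 0` reports both listed packages, while `demo 1780272000` (a 2026-06-01 cutoff) reports only python-nodejs-wheel, because manuskript was installed before the window. The recency window only tells you when a package was installed, not whether the installed build was the trojanised one, which is why the tool's `--all-time` switch exists for cross-campaign checks.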

:penguin:

Yes, but this one, ‘aur-malware-check’, does more, and pulls in the lists from CSCS and others… so it’s a little more comprehensive.

I cloned it to home, then can execute it easily with: ~/aur-malware-check/aur_check_v2.sh

This must be about the tenth AUR malware scanner project from the last week :laughing:

I don’t know, but I have the perception that the correct way to use the AUR without risking being hacked is to have a small number of apps you can keep under control: ones you know, with many votes, checked periodically to make sure they are not orphaned.

I wonder how many are malware and how many are AI slop :sob:

That’s one of many ways to approach it.

Basically, the more ways you can use to corroborate the veracity of the package, the better. But, yeah, in all honesty, not every single box needs to be checked off.

If something smells even the slightest bit fishy with the stuff you check, then you keep going further until either your fears are assuaged or you find something wrong.

And, as you say, the easiest and best way to keep that process from being a burden is to keep the amount of packages you need to check at the lowest it can be.

I had manuskript installed. The script didn’t find any compromised files, though, and I haven’t updated the app recently. Is a reinstall recommended in this case?

Does anyone know if balena-etcher was compromised in this way? I noticed it has python-nodejs-wheel as one of the dependencies. python-nodejs-wheel is mentioned in the big list of compromised packages.

The AUR package is linked on their GitHub page.

You can --refresh. It will refresh the latest list from the git. No need for reinstall.

For your interest…

I forked the aur-malware-check and patched some functions to my likings.

In this Doc directory there is an overview of how I have set up my malware check.

Just for informative purposes.