Malware Package Intelligence Admin

Heuristic + LLM-powered malware detection pipeline for open-source packages

Pipeline analytics

Activity funnel — LTR Sankey (windowed scans + queue backlog) Timeframe

Pipeline Board

Pipeline funnel — LTR Sankey; judge spine ≤ LLM queue+reviewed; legs = full verdict mix (Clean / Suspect / Malicious)

Ingested

In period

-- all-time

→

Heuristic

Cleared

-- escalated

→

LLM queued

Awaiting analyst

INCONCLUSIVE, no analyst

→

LLM processed

Analyst verdict set

Budget: --

→

Judge

Agreed

Budget: --

-- overrides

→

Verifier

Processed

-- clean / -- malicious

Budget: --

→

Verdicts Today

Clean

-- suspect

-- malicious

Ingest volume (last 30 days, daily)

Worker: checking...

Pipeline Activity Log

How the MPI pipeline works (stages, auto-clear, retest)

Stages — every package flows through:

Heuristic — 77 deterministic rules score the tarball; score <15 = CLEAN, 15–39 = INCONCLUSIVE, ≥40 = SUSPECT.
LLM Analyst — Gemini 2.5 Flash classifies SAFE / SUSPICIOUS / MALICIOUS (gated by auto_triage_mode).
Judge — Claude Opus cross-validates; emits TRUE_POSITIVE / FALSE_POSITIVE / INCONCLUSIVE / PROMPT_INJECTION.
Verifier — GPT-4o blind 3rd voter (only when enable_mpi_consensus_verifier is on and heuristic ≥ threshold).
Consensus — deterministic 9-rule synthesizer combines voters into a final verdict + auto-action.

Auto-clear default — flag enable_mpi_auto_clear_on_no_finding (default on): when analyst=SAFE and judge has no contrary finding (INCONCLUSIVE or FALSE_POSITIVE), the package goes to CLEAN instead of parking in AWAITING_REVIEW. Set the flag to false in site_config.json for the strict legacy mapping.

Retest unscored with LLM — the button above the kanban board re-queues every card across New Suspect / LLM Analysis / Awaiting Review that has no analyst_verdict (or an UNPARSEABLE marker). Sequential, ~35s per package.

Per-column bulk — Queue to Triage on New Suspect, Queue to Reprocess on Inconclusive, and Queue to LLM analysis on LLM Analysis send the visible cards through the triage/reprocess path sequentially.

Backfill the legacy backlog — for rows that already have analyst+judge stored but were stamped AWAITING_REVIEW under the old mapper, run python pipeline/mpi_reclassify_backlog.py --apply (no LLM cost; pure SQL).

Why packages land in awaiting_review (compute_final_verdict)
final_confidence = base_con × ag_factor × ev_factor × h_factor

                        base_con    = (analyst_conf% + judge_conf%) / 2 / 100

                        ag_factor   = 1.2 if both malicious, 1.1 if both safe, 0.5 if analyst yes/judge no

                        ev_factor   = 0.5 + 0.5 × (confirmed_iocs / total_iocs) — penalises hallucinated IOCs

                        h_factor    = 1.0 + heuristic_score / 200
                    
                        ≥ 0.75 → AUTO_BLOCK → confirmed_malicious

                        ≥ 0.50 → PRIORITY_REVIEW → awaiting_review

                        ≥ 0.25 → STANDARD_REVIEW → awaiting_review

                          < 0.25 → AUTO_APPROVE → auto_cleared
                    
Open a package card to see the live breakdown with this scan's actual values.

Live Pipeline Stream (disconnected)

                Stream not started. Press Start to open an SSE connection to /api/v1/malware-intel/pipeline/stream.
            

Data Updater Logs (disconnected)

                Stopped. Select a source then press Start.
            

Package Review List

Package Package match mode Package filter Select all visible	PURL PURL match mode PURL filter Version match mode Version filter	Package Manager	Status	Source	Incidents	Last Seen
Loading package list...

Clean & inconclusive scans

Default: Clean + Inconclusive, newest scan first. Use column filters (same as Suspects) and click headers to sort.

Package Package match	PURL PURL match Version match	Ecosystem	Verdict	Score	Rules	Scanned	Reasoning

No data

Malware Package Intelligence Admin

Manual Scan

Pipeline Board

Package Review List

Clean & inconclusive scans