VYPR

npm · Malicious package advisory

Malware

fulcrum-sessions

MAL-2026-4568

Malicious code in fulcrum-sessions (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (f3971399e0fb1bd6c61f5306557512ed22dc0605747526b600b08626a50eb31e)
src/config.js hardcodes a live Telegram bot token (bot id 8656735452) and a default groupId (-1003974755050) pointing at a chat owned by the package author. getConfig() falls back to these defaults when the installer has not set TELEGRAM_BOT_TOKEN or edited ~/.fulcrum-sessions/config.json. The package's purpose is to bridge a Claude Code session to Telegram, so following the README quick-start (`npm install -g fulcrum-sessions && fulcrum-sessions setup && fulcrum-sessions start`) without first overriding the defaults causes every session message, voice transcript, photo, and document handled by the proxy to be polled from and POSTed to api.telegram.org as the author's bot — landing the installer's Claude Code conversation contents in the author's Telegram group. Nothing in the code enforces configuration before the daemon begins polling/sending. Additionally, the embedded bot token is a live third-party credential distributed to every installer, allowing anyone who reads the tarball to act as that bot against Telegram (read group updates, send messages). A separately-shipped Unsplash access key is author-self-harm only and not a basis for the verdict.

Compromised versions (2)

  • 1.0.1
  • 1.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.