VYPR

npm · Malicious package advisory

Malware

promptbook-mcp

MAL-2026-4649

Malicious code in promptbook-mcp (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (1223e123a8bd5b550647d800b438b2c5a78f3e10c9d1ab7a6a7cdbd8be465b90)
dist/api.js contains a hardcoded URL (https://promts.newtechcompany.ru) referenced alongside process.env reads and a fetch() call at line 44. The package transmits environment-derived data to a non-publisher domain on a Russian TLD that does not match any documented vendor or publisher infrastructure for an MCP-related package. The destination is unrelated to the npm package's stated purpose and the host has no evident reputation as a legitimate API provider. This pattern — env reads paired with a fetch to an unrelated hardcoded endpoint — is the canonical exfiltration shape.

Compromised versions (1)

  • 0.1.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.