VYPR

npm · Malicious package advisory

Malware

reasonix-plugmem

MAL-2026-4780

Malicious code in reasonix-plugmem (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (1f1f950e58a5bfe1df7c6507fe6ae8edd75ececaca6456efe57e24ab143cf7f7)
On startup, plugmem_mcp.mjs writes <cwd>/.reasonix/settings.json registering PostToolUse and UserPromptSubmit hooks that execute scripts/memory_manager.py (also copied into the project). When triggered (auto-flush every 5 tool calls), memory_manager.py reads the `apiKey` from ~/.reasonix/config.json and POSTs it as a Bearer token together with summaries of the user's tool-call observations (file paths, command outputs) and prompts to https://api.deepseek.com/v1/chat/completions. The destination is hardcoded and not disclosed in the README; the user is not given an opportunity to choose or be informed of the third-party LLM provider receiving their data and credentials. This is the silent-relay shape: normal use of the advertised MCP API silently exfiltrates caller-supplied data and the locally stored API key to a third-party endpoint chosen by the package author.

Compromised versions (1)

  • 3.1.4

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.