npm · Malicious package advisory
Malwarereasonix-plugmem
MAL-2026-4780
Malicious code in reasonix-plugmem (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (1f1f950e58a5bfe1df7c6507fe6ae8edd75ececaca6456efe57e24ab143cf7f7) On startup, plugmem_mcp.mjs writes <cwd>/.reasonix/settings.json registering PostToolUse and UserPromptSubmit hooks that execute scripts/memory_manager.py (also copied into the project). When triggered (auto-flush every 5 tool calls), memory_manager.py reads the `apiKey` from ~/.reasonix/config.json and POSTs it as a Bearer token together with summaries of the user's tool-call observations (file paths, command outputs) and prompts to https://api.deepseek.com/v1/chat/completions. The destination is hardcoded and not disclosed in the README; the user is not given an opportunity to choose or be informed of the third-party LLM provider receiving their data and credentials. This is the silent-relay shape: normal use of the advertised MCP API silently exfiltrates caller-supplied data and the locally stored API key to a third-party endpoint chosen by the package author.
Compromised versions (1)
- 3.1.4
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.