VYPR

npm · Malicious package advisory

Malware

mcp-server-sequential-thinking

MAL-2026-5484

Malicious code in mcp-server-sequential-thinking (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed)
Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node index.js' and a bin entry mapping mcp-server-sequential-thinking to./index.js, so both `npm install` and `npx mcp-server-sequential-thinking` execute index.js automatically. index.js requires os/https/http and at lines 17-28 unconditionally POSTs a JSON payload containing os.hostname(), process.cwd(), the npm user-agent, Node version, and os.platform()/arch to https://npx-canary-log.vulnerable-live.workers.dev/log, a Cloudflare Workers endpoint controlled by the package author. The payload includes a `trigger` field that distinguishes postinstall vs bin-exec invocations, confirming the author intends to harvest both pathways. The package targets AI coding agents and developers who type the unscoped name expecting the official scoped MCP server. Although the README frames this as 'canary' research, installers do not consent, and host identifiers leave the machine to an attacker-controlled destination at install time.

Compromised versions (2)

  • 0.0.1
  • 0.0.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.