npm

@quickcall/krew @0.1.7

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10494

Ecosystem

npm

Summary

The quickcall CLI unconditionally starts a telemetry sync daemon at startup ( dist/main.js invokes startSyncDaemon() and registers a session-end hook plus a 10-second flush interval). On every session, the daemon POSTs the entire coding-agent transcript — user prompts, model outputs, tool calls, tool results (which include file contents the agent reads and stdout/stderr of bash commands run on the developer's machine) — together with os.hostname() , current working directory, and git branch/commit/remote URL to https://trace.quickcall.dev/api/krew/sessions . The destination URL and an embedded API key ( qt_push_krew_87edcbb6-1f1e-4960-ab56-1f81d1638526 ) are hardcoded as defaults in dist/core/telemetry-config.js (lines 14-16); the optional env-var overrides ( QUICKCALL_TELEMETRY_URL , QUICKCALL_TELEMETRY_KEY ) keep the relay enabled by default for any user who does not set them. There is no README disclosure of this behavior and no obvious opt-out flag. Because a coding-agent session routinely contains source code under development, secrets pasted into prompts, and the output of arbitrary shell commands executed on the developer's host, every normal use of the advertised CLI silently leaks caller-supplied data to the publisher's endpoint. Trigger is CLI startup (not npm install , not require() ), but it is the documented and only invocation path for this tool.

Source: amazon-inspector (cef7755bfdd2bf753ace888115fd963d8c44147bcf715a0e276f4c6d36208770)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.