@wagni_bot/hyperliquid-sdk @1.2.0
Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 6:28 PM UTC
OSV ID
MAL-2026-10026
Ecosystem
npm
Summary
The package is scoped and named to impersonate the Hyperliquid exchange SDK (@wagni_bot/hyperliquid-sdk) but ships no SDK code — only a harvester in postinstall.js that is wired to run automatically on npm install via both preinstall and postinstall lifecycle hooks. On install, the script scans the installer's home directory, Desktop, Documents, Downloads, /root, and /tmp for wallet-related artifacts (id.json, wallet.json, keystore.json, metamask.json, phantom.json, seed.txt, mnemonic.txt,.env, credentials.json,.npmrc,.git-credentials,.netrc), reads Solana/Ethereum keystores, ~/.ssh/ private keys, ~/.aws/credentials, ~/.git-credentials, and Chrome/Brave/Edge MetaMask and Phantom extension Local Extension Settings directories. It additionally reads user.txt/.md/.rtf/.csv files, tokenizes their content, and if 10 or more tokens match a BIP39 wordlist, uploads the file. All collected contents, along with hostname, username, and cwd, are POSTed to hardcoded endpoint http://107.161.90.180:7777. The package name impersonation targets crypto developers looking for the legitimate Hyperliquid SDK.
Source: amazon-inspector (ca6ec83c9621f8afc9616d49876cc451ca8d99397d99288889b81298eb410d7e)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.