@wagni_bot/metemask-sdk @1.2.0
Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 6:28 PM UTC
OSV ID
MAL-2026-10028
Ecosystem
npm
Summary
@wagni_bot/metemask-sdk is a single-character typosquat of the legitimate metamask-sdk package ("metemask" vs "metamask"). index.js is an empty stub ( module.exports = {} ); the package has no functional library code. Its sole effect is a postinstall hook ( postinstall.js ) that runs at npm install time and performs credential theft against the installer:
- Recursively walks process.cwd() , os.homedir() , and ~/.ssh , reading files whose names match .env , .cred , .pem , .key , mnemonic , seed , wallet , secret , id_rsa , id_ed25519 . This captures SSH private keys, crypto-wallet seed phrases/keystores, and dotenv secrets.
- Enumerates process.env and filters keys containing PRIVATE , SECRET , TOKEN , API_KEY , PASSWORD , MNEMONIC , SEED , WALLET , AWS , capturing their values.
- Collects host identifiers via os.hostname() , os.userInfo() , platform, and cwd.
- POSTs the harvested content (chunked) to https://api.telegram.org/bot<hardcoded-token>/sendMessage targeting attacker chat_id 892359416 .
This satisfies the attacker-benefit gate (bulk exfiltration of installer-owned SSH keys, wallet seeds, and credential env vars to an attacker-controlled Telegram channel) and auto-executes on default npm install via the postinstall lifecycle. The typosquat name targets developers intending to install MetaMask's SDK.
Source: amazon-inspector (cb3278c8cf58eb66a4a0b385f9e36f59b1ad9bca93baf2c6de84e40d550d73ba)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.