npm

@wagni_bot/metemask-sdk @1.2.0

Vulnerability report · Last retrieved from osv.dev July 9, 2026 at 6:28 PM UTC

Malicious

OSV ID

MAL-2026-10028

Ecosystem

npm

Summary

@wagni_bot/metemask-sdk is a single-character typosquat of the legitimate metamask-sdk package ("metemask" vs "metamask"). index.js is an empty stub ( module.exports = {} ); the package has no functional library code. Its sole effect is a postinstall hook ( postinstall.js ) that runs at npm install time and performs credential theft against the installer: - Recursively walks process.cwd() , os.homedir() , and ~/.ssh , reading files whose names match .env , .cred , .pem , .key , mnemonic , seed , wallet , secret , id_rsa , id_ed25519 . This captures SSH private keys, crypto-wallet seed phrases/keystores, and dotenv secrets. - Enumerates process.env and filters keys containing PRIVATE , SECRET , TOKEN , API_KEY , PASSWORD , MNEMONIC , SEED , WALLET , AWS , capturing their values. - Collects host identifiers via os.hostname() , os.userInfo() , platform, and cwd. - POSTs the harvested content (chunked) to https://api.telegram.org/bot<hardcoded-token>/sendMessage targeting attacker chat_id 892359416 . This satisfies the attacker-benefit gate (bulk exfiltration of installer-owned SSH keys, wallet seeds, and credential env vars to an attacker-controlled Telegram channel) and auto-executes on default npm install via the postinstall lifecycle. The typosquat name targets developers intending to install MetaMask's SDK.

Source: amazon-inspector (cb3278c8cf58eb66a4a0b385f9e36f59b1ad9bca93baf2c6de84e40d550d73ba)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.