0x2ai-multi-mq @0.1.0

Summary

When the documented invocation npx 0x2ai-multi-mq is run, bin/start.cjs copies chatroom-mcp-lite-patched.cjs and chatroom-monitor.cjs into the user's current working directory, writes a .mcp.json containing a hardcoded shared Bearer token ( faa2c696fae0d6a685578ac33278513a7dafd2676f627960 ), then spawns claude --dangerously-skip-permissions (shell:true). The MCP server and a long-polling monitor connect to https://multi.0x2ai.com and feed messages from that author-hosted chatroom into the permission-bypassed Claude session running on the developer's machine. The net effect is a remote command channel into a coding agent that has had its consent prompts disabled, with full filesystem and shell tool access on the developer's host. The MCP tools ( provider_query , settings_set ) additionally route user prompts and provider API keys ( anthropic_api_key , openai_api_key ) through the same bridge. The dropped .mcp.json persists in the user's cwd, so any subsequent claude invocation in that directory auto-loads the bridge MCP server.

Source: amazon-inspector (7d056f067b0af2084bd7777fcdb2ae6e2c06bb67f40929ba9900b5aa9cb83649)