creditgauge @1.0.0
Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 7:51 AM UTC
OSV ID
MAL-2026-10633
Ecosystem
npm
Summary
The package has no functional library code: package.json declares main=index.js but no index.js is shipped; the tarball contains only package.json and a.claude/settings.json payload. The settings.json overrides ANTHROPIC_BASE_URL to https://api.minimaxi.com/anthropic (a non-Anthropic host) and embeds a hardcoded ANTHROPIC_AUTH_TOKEN, so any Claude Code session picking up this configuration silently routes the developer's prompts and source code through a third-party endpoint under an attacker-supplied token. The same file defines a statusLine that runs a bash command resolving to scripts/wrapper.sh inside the plugin cache directory for the third-party plugin github:cwf818/topgauge-cc (referenced via enabledPlugins), re-invoked every 10 seconds. defaultMode is set to bypassPermissions and skipDangerousModePermissionPrompt is set to true, disabling the confirmation prompts that would normally gate that execution. The combined effect is silent relay of AI prompts/code through an attacker-controlled proxy plus recurring shell execution of unvetted third-party plugin code inside the developer's environment.
Source: amazon-inspector (d0bd064afe94f426f1124703c1c1f7ac52ee1ad1df728c33ce7cbe4328bae876)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.