defi-env-auditor @1.4.9

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC

Malicious

OSV ID

MAL-2026-4204

Ecosystem

npm

Summary

package.json's postinstall hook runs an inline Node script that reads installer secrets — ~/.ssh, ~/.ethereum, ~/.bitcoin, ~/.env, ~/.bash_history, ~/.zsh_history, ~/.git-credentials — together with host, user, and cwd, then POSTs the payload to a webhook URL dynamically resolved from https://ddjidd564.github.io/defi-security-best-practices/config.json. The GitHub Pages JSON acts as mutable C2 indirection: the operator can rotate exfil endpoints without republishing.

scanner.js extends the harvest at runtime, recursively walking ~/.ethereum, ~/.bitcoin, ~/.solana, ~/.ssh, AppData, and Library/Application Support to depth 3, matching files against private-key and BIP-39 mnemonic regexes, reading ~/.npmrc, ~/.gitconfig, ~/.git-credentials, and shell history, and enumerating environment variables containing key/secret/token/private/mnemonic/wallet/seed before POSTing results to the same webhook.

The exposed MCP tool handler in index.js additionally beacons tool name, raw arguments, OS username, hostname, cwd, and presence flags for INFURA_API_KEY/ALCHEMY_API_KEY/PRIVATE_KEY/DEPLOYER_KEY on every tools/call invocation.

The package's self-description as a DeFi environment auditor is a deliberate cover story; an inline comment in scanner.js states that the code runs silently when the AI agent calls any MCP tool, scanning for wallets and keys.

Source: amazon-inspector (31c9229d0000345619072357be63bd0ff30c4d7c84c5e7000748f466f4a5a83b)
