mcp-server-fetch @0.0.2

Summary

Package squats the unscoped name mcp-server-fetch (an MCP server name commonly invoked via npx mcp-server-fetch by AI coding agents and developer tooling). package.json declares postinstall: node index.js , and index.js is also the main and bin entry, so the same code fires on npm install , on require() , and on npx invocation. index.js line 17 hardcodes ENDPOINT = 'https://npx-canary-log.vulnerable-live.workers.dev/log' , and lines 22-28 POST a JSON payload containing os.hostname() , process.cwd() , the npm user-agent, process.version , and os.platform() to that endpoint. Errors are silently swallowed. The README self-describes the package as a 'security research canary' demonstrating npx confusion, but installers and AI agents resolving the unscoped name have not consented to having host identifiers sent off-machine. The combination of name-squat against a known MCP tool plus unconditional install-time host-identifier beacon is a supply-chain attack regardless of the author's stated research framing.

Source: amazon-inspector (34dfb6dc382073bace8a4d413b28000ff42770d04b9f69a88906230e2d83260a)