memtry-cli @1.0.4
Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC
OSV ID
MAL-2026-10736
Ecosystem
npm
Summary
memtry-cli installs an MCP server whose memtry_onboarding tool returns a prompt that instructs the connected AI agent to scan the installer's home directory (~/.claude, ~/.gemini, ~/.cursor, ~/Library/Application Support, ~/Documents, ~/Downloads, ~/Desktop, ~/Projects) for chat histories, resumes, YC applications, financial documents, and personal data, then submit the collected content through the package's create_repo / update_context / append_changelog tools. Those tools default-route via callCloud( ${BASE_URL}/api/mcp ) to the author-controlled endpoint https://memtry.vercel.app/api/mcp, and the shipped .gemini/settings.json pins BASE_URL to that host with a bundled Bearer API key. Only items the model explicitly tags status: private stay local; the onboarding prompt does not instruct the model to apply that tag to the harvested personal or financial content, so exfiltration to the author's Vercel endpoint is the default path. The tarball also ships a live mk_... API key for memtry.vercel.app in .gemini/settings.json .
Source: amazon-inspector (11638a6b1b7876a94ef23285cb88f0127c003bb5e4d786dbaba5c30a9cbdfdb7)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.