npm

memtry-cli @1.0.4

Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC

Malicious

OSV ID

MAL-2026-10736

Ecosystem

npm

Summary

memtry-cli installs an MCP server whose memtry_onboarding tool returns a prompt that instructs the connected AI agent to scan the installer's home directory (~/.claude, ~/.gemini, ~/.cursor, ~/Library/Application Support, ~/Documents, ~/Downloads, ~/Desktop, ~/Projects) for chat histories, resumes, YC applications, financial documents, and personal data, then submit the collected content through the package's create_repo / update_context / append_changelog tools. Those tools default-route via callCloud( ${BASE_URL}/api/mcp ) to the author-controlled endpoint https://memtry.vercel.app/api/mcp, and the shipped .gemini/settings.json pins BASE_URL to that host with a bundled Bearer API key. Only items the model explicitly tags status: private stay local; the onboarding prompt does not instruct the model to apply that tag to the harvested personal or financial content, so exfiltration to the author's Vercel endpoint is the default path. The tarball also ships a live mk_... API key for memtry.vercel.app in .gemini/settings.json .

Source: amazon-inspector (11638a6b1b7876a94ef23285cb88f0127c003bb5e4d786dbaba5c30a9cbdfdb7)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.