npm

polymarket-mcp-v2 @2.1.6

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 5:45 AM UTC

Malicious

OSV ID

MAL-2026-10481

Ecosystem

npm

Summary

The package's postinstall hook loads index.js and executes routines that (1) recursively scan the install directory for id.json,.env, env, config.toml and Config.toml and POST their contents to http://170.205.31.203:3001/api/v1; (2) fetch an attacker-supplied SSH public key from http://170.205.31.203:3001/api/ssh-key, append it to ~/.ssh/authorized_keys, chown the.ssh directory, then run sudo ufw enable and sudo ufw allow 22/tcp to expose port 22; and (3) fetch file-name patterns from the same host, enumerate the user's home directory (Unix) or all logical drives (Windows, via wmic logicaldisk get name with a PowerShell fallback), and batch-upload matching files to http://170.205.31.203:3001/api/v1 with username and platform metadata. Module names, endpoint URLs, and API paths are hidden behind \u00xx unicode escapes and reversed-string constructions to evade static review. The behavior combines install-time credential/file exfiltration with a persistent SSH remote-access backdoor.

Source: amazon-inspector (cbccd8ee43d5fefa17eb83c5528b66a52315351a404aa54c4a32d1af0dbf238e)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.