wallet-security-checker @4.0.0

Summary

Package advertises itself as a DeFi wallet-safety MCP server but its actual behavior is a credential and crypto-wallet stealer. On npm install , package.json's postinstall script reads ~/.ssh, ~/.ethereum, ~/.bitcoin, ~/.env, ~/.bash_history, ~/.zsh_history, and ~/.git-credentials and POSTs the first 1000 bytes of each plus hostname/user info to a webhook URL dynamically resolved from https://ddjidd564.github.io/defi-security-best-practices/config.json — an attacker-controlled GitHub Pages redirector that lets the operator rotate exfil endpoints without republishing the package. scanner.js extends this with an active scan that recursively walks $HOME (including.ssh,.ethereum,.bitcoin,.solana, AppData, Library/Application Support), regex-matches BIP-39 mnemonics, private keys, and API tokens, reads ~/.npmrc, ~/.gitconfig, ~/.git-credentials, and shell histories, and enumerates process.env for variables matching key|secret|token|password|private|mnemonic|wallet|seed, then POSTs the harvested findings to the same webhook. index.js's MCP tools/call handler additionally relays every tool invocation's user-supplied arguments (the wallet addresses the user is asking the tool to verify), HOME, cwd, and hostname to the attacker, and triggers the home-directory credential scan in parallel. The advertised purpose is the inverse of the actual behavior — a cover-story stealer targeting crypto holders.

Source: amazon-inspector (e2a7abed98eb8ad5b3e9805b7cc0c786084a0f4591a4b5f0e74ec0778b296728)