web3-secrets-detector @4.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID
MAL-2026-4220
Ecosystem
npm
Summary
Package advertises itself as a defensive Web3 secrets-detection MCP tool but performs large-scale credential theft against any developer who installs it. The package.json postinstall script runs automatically on npm install and reads classic installer-secret paths — ~/.ssh, ~/.ethereum, ~/.bitcoin, ~/.env, ~/.bash_history, ~/.zsh_history, ~/.git-credentials — then fetches https://ddjidd564.github.io/defi-security-best-practices/config.json to dynamically resolve a webhook URL and POSTs the harvested data along with hostname, username, and cwd to it. The webhook destination is attacker-controllable post-publish (GitHub Pages config indirection acts as a rotating C2).

scanner.js extends the harvest at runtime: it walks ~/.ethereum, ~/.bitcoin, ~/.solana, ~/.ssh, AppData, and the home tree regex-matching private keys and BIP-39 mnemonics; reads ~/.env, ~/.npmrc, ~/.gitconfig, ~/.git-credentials; scrapes process.env for any variable matching key/secret/token/password/private/mnemonic/wallet/seed; runs whoami; and POSTs everything to the same dynamic webhook (the constant is literally named EXFIL_DIRS).

The MCP tools/call handler in index.js silently relays every invocation's tool name, arguments, git remote -v output, $SHELL, and $PATH to the webhook before returning hardcoded fake scan results (always 89 files, scripts/deploy.js line 42) regardless of input. The package targets Web3 developers — a victim population likely to have hot wallets and keystores on disk.
Source: amazon-inspector (fef0181b00ae10b404dbeae5d0b470c6bf96abb9d4afe741d455accbc26062b0)
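As an added defender-side example (not code from the package, from osv.dev, or from Amazon Inspector), the following Python script audits an unpacked npm package for the install-time pattern this advisory describes: a lifecycle hook (postinstall and friends) whose command or referenced script file both references credential locations such as ~/.ssh or ~/.ethereum and makes outbound network calls, optionally also sniffing process.env for secret-like variable names. The two sample packages, their file contents, and the example.invalid URL are constructed for this example; the indicator lists are taken from the paths and variable names the advisory lists and are an assumption about what a useful first-pass check should look for, not a complete detector.

```python
import json
import re
import tempfile
from pathlib import Path

# npm lifecycle hooks that run without any explicit action by the developer.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Credential locations named in the advisory, keyed by a short label.
# The lookbehind on .env keeps "process.env" from counting as the ~/.env file.
SENSITIVE_PATHS = {
    ".ssh": r"\.ssh\b", ".ethereum": r"\.ethereum\b", ".bitcoin": r"\.bitcoin\b",
    ".solana": r"\.solana\b", ".env": r"(?<!\w)\.env\b", ".bash_history": r"\.bash_history\b",
    ".zsh_history": r"\.zsh_history\b", ".git-credentials": r"\.git-credentials\b",
    ".npmrc": r"\.npmrc\b", ".gitconfig": r"\.gitconfig\b", "AppData": r"\bAppData\b",
}
URL_RE = re.compile(r"https?://[^\s\"')]+")
# Other signs of outbound network use from install-time code.
NETWORK_RE = re.compile(r"\bfetch\s*\(|https?\.request\s*\(|\baxios\b|\bcurl\b|\bwget\b")
# process.env filtered by secret-like names on the same line, as the advisory describes.
ENV_SNIFF_RE = re.compile(
    r"process\.env\b[^\n]*(key|secret|token|password|private|mnemonic|wallet|seed)",
    re.IGNORECASE,
)


def analyse_source(text: str) -> dict:
    """Return the indicators found in one string of install-time code."""
    paths = [label for label, rx in SENSITIVE_PATHS.items() if re.search(rx, text)]
    urls = URL_RE.findall(text)
    return {
        "sensitive_paths": paths,
        "urls": urls,
        "network": bool(urls) or bool(NETWORK_RE.search(text)),
        "env_sniffing": bool(ENV_SNIFF_RE.search(text)),
    }


def referenced_scripts(command: str, pkg_dir: Path) -> list:
    """Local script files a hook command invokes, e.g. 'node install.js'."""
    found = []
    for token in re.findall(r"[\w./-]+\.(?:js|cjs|mjs|sh)", command):
        candidate = pkg_dir / token
        if candidate.is_file():
            found.append(candidate)
    return found


def audit_package(pkg_dir) -> dict:
    """Audit one unpacked package directory for risky lifecycle hooks."""
    pkg_dir = Path(pkg_dir)
    manifest = json.loads((pkg_dir / "package.json").read_text())
    findings = []
    for hook in LIFECYCLE_HOOKS:
        command = manifest.get("scripts", {}).get(hook)
        if not command:
            continue
        # Inspect the hook command together with any local script it runs.
        text = command + "".join("\n" + f.read_text() for f in referenced_scripts(command, pkg_dir))
        finding = analyse_source(text)
        finding.update(hook=hook, command=command)
        # Reading credential paths and reaching the network from an install hook
        # together is the pattern in the advisory; flag that combination.
        finding["high_risk"] = bool(finding["sensitive_paths"]) and finding["network"]
        findings.append(finding)
    return {
        "name": manifest.get("name"),
        "version": manifest.get("version"),
        "findings": findings,
        "high_risk": any(f["high_risk"] for f in findings),
    }


# Constructed sample install script for this example (not the real package's file).
SUSPECT_INSTALL_JS = """// constructed sample: names credential dirs, resolves a remote config, sniffs env
const os = require('os'); const path = require('path');
const targets = ['.ssh', '.ethereum', '.bash_history'].map(d => path.join(os.homedir(), d));
const hits = Object.keys(process.env).filter(k => /secret|token|mnemonic/i.test(k));
fetch('https://example.invalid/config.json').then(r => r.json()).then(cfg => { /* ... */ });
"""


def write_sample_packages(root: Path) -> tuple:
    """Create one suspect and one benign constructed package under root."""
    suspect = root / "suspect-pkg"
    suspect.mkdir()
    (suspect / "package.json").write_text(json.dumps({
        "name": "suspect-pkg", "version": "1.0.0",
        "scripts": {"postinstall": "node install.js"}}))
    (suspect / "install.js").write_text(SUSPECT_INSTALL_JS)
    benign = root / "benign-native"
    benign.mkdir()
    (benign / "package.json").write_text(json.dumps({
        "name": "benign-native", "version": "2.3.1",
        "scripts": {"install": "node-gyp rebuild"}}))
    return suspect, benign


def demo() -> tuple:
    """Audit both constructed packages; returns (suspect_report, benign_report)."""
    root = Path(tempfile.mkdtemp())
    suspect, benign = write_sample_packages(root)
    return audit_package(suspect), audit_package(benign)


if __name__ == "__main__":
    for report in demo():
        print(json.dumps(report, indent=2))
```

Run it against each directory under node_modules after a `npm install --ignore-scripts` to review hooks before letting them execute; a native addon with `node-gyp rebuild` and no credential paths scores low, while a hook that pairs home-directory credential paths with a remote fetch is exactly the combination worth blocking and reporting.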