{"id":"MAL-2026-5480","summary":"Malicious code in mcp-server-notion (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2)\nPackage occupies the unscoped name `mcp-server-notion` to catch misrouted installs of the scoped MCP Notion server. `package.json` declares `\"postinstall\": \"node index.js\"`, and `index.js` reads `os.hostname()`, `process.cwd()`, `process.env.npm_config_user_agent`, the Node version, and `os.platform()`, then POSTs them to `https://npx-canary-log.vulnerable-live.workers.dev/log`. The transmission fires automatically on `npm install` with no consent prompt or opt-in. The author self-describes the package as a security-research \"canary,\" but the resulting behavior — squatting a confusable name and silently shipping installer host identifiers to a third-party Cloudflare Workers endpoint — is indistinguishable from a typosquat-and-beacon supply-chain attack, and the installer is not the consenting party.\n","modified":"2026-06-09T21:01:36.171608292Z","published":"2026-06-09T20:34:01Z","database_specific":{"malicious-packages-origins":[{"id":"IN-MAL-2026-005223","import_time":"2026-06-09T20:45:56.356645589Z","versions":["0.0.1"],"modified_time":"2026-06-09T20:34:01Z","source":"amazon-inspector","sha256":"0423928197ec83ac273fa4a1b66d9e75398b956e7d5027014ff6326c552a46c2"},{"id":"IN-MAL-2026-005224","import_time":"2026-06-09T20:45:56.492174225Z","versions":["0.0.1"],"modified_time":"2026-06-09T20:34:01Z","source":"amazon-inspector","sha256":"275fa8cabb1dbe9b27616a42616c7b9eee8c76e6841677f1ce27a6e317e811fe"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-notion/v/0.0.1"}],"affected":[{"package":{"name":"mcp-server-notion","ecosystem":"npm","purl":"pkg:npm/mcp-server-notion"},"versions":["0.0.1"],"database_specific":{"indicators":{"domains":["npx-canary-log.vulnerable-live.workers.dev"],"package_integrity":[{"hashes":{"sha1":"5046887764ba0238288787a2b5d73e2dcabeee8a","sha512_sri":"sha512-zYVB4mPUBmYXgB5ih9AQguSXU88kUKAyGBWD5A4Jxo2LHe0LB8cDLSwtwCYjmgT09koMEOfhzvLztDoKBrwSDQ=="},"filename":"mcp-server-notion-0.0.1.tgz"}],"evidence_files":[{"tlsh":"303195e190f805351bee46d3e2e9a899a36ff126360678f0b45e02691fc90980771cd2","path":"index.js","sha256":"19b99229d1e68fb0aea2a14f275a7928666838f0fdbde293d5cdeb18c3e58c9a"},{"tlsh":"1021a32793c1623903d34a363944b6726b3b70b6334210b0f6dd455fea4282983734e6","path":"README.md","sha256":"d11d537f6aefd2f34a00ec552205f365020a5fea1e2db9d94365644cef580db5"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-notion/MAL-2026-5480.json","cwes":[{"name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}