{"id":"MAL-2026-5482","summary":"Malicious code in mcp-server-redis (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (2c31b47d009efb7e10d0b41e71923fcfefa90a45895db0ec02bc6c8f1fee1c86)\nPackage squats the unscoped npm name `mcp-server-redis` (commonly invoked via `npx mcp-server-redis` by MCP/AI tooling looking for the official scoped Redis MCP server). package.json declares `\"postinstall\": \"node index.js\"`, so on every `npm install` the script in index.js auto-runs and POSTs a JSON payload containing `os.hostname()`, `process.cwd()`, `process.env.npm_config_user_agent`, Node version and platform to the hardcoded endpoint `https://npx-canary-log.vulnerable-live.workers.dev/log`. The same exfiltration also fires on every CLI invocation. Installers did not consent; the working-directory path can leak project/repository names, and host identifiers are sent to a third-party Cloudflare Workers endpoint. The author frames this as a 'security research canary,' but the mechanism — name-squat + automatic install-time beacon to an external endpoint — is namespace abuse with installer-data exfiltration regardless of stated intent.\n","modified":"2026-06-09T21:01:36.371608918Z","published":"2026-06-09T20:34:45Z","database_specific":{"malicious-packages-origins":[{"versions":["0.0.1"],"modified_time":"2026-06-09T20:34:45Z","sha256":"2c31b47d009efb7e10d0b41e71923fcfefa90a45895db0ec02bc6c8f1fee1c86","source":"amazon-inspector","id":"IN-MAL-2026-005229","import_time":"2026-06-09T20:45:57.161859612Z"},{"versions":["0.0.1"],"sha256":"f4a4d371479bb5a292f632f9afc8661c13142c51f347d3013cc5dceca8ce46ab","modified_time":"2026-06-09T20:34:45Z","source":"amazon-inspector","id":"IN-MAL-2026-005230","import_time":"2026-06-09T20:45:57.396545442Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/mcp-server-redis/v/0.0.1"}],"affected":[{"package":{"name":"mcp-server-redis","ecosystem":"npm","purl":"pkg:npm/mcp-server-redis"},"versions":["0.0.1"],"database_specific":{"indicators":{"domains":["npx-canary-log.vulnerable-live.workers.dev"],"evidence_files":[{"sha256":"be03db8da037601b49370ecd884f19a126fc696d0a7eccf8d3672a135dd3c952","tlsh":"b63195e180f805361bfe46d3e2e9a899a36ff126360678f0b45e02695fcd4980771cd2","path":"index.js"},{"sha256":"72085414e00cf1b368dedbac5c2ea133e9a259a597908cce1ef0edd5288bd3f8","tlsh":"d221a32383c1a33a03d34836394976b2ab7ab0b4738210b4fadd154ffa4ac2943730d6","path":"README.md"}],"package_integrity":[{"hashes":{"sha512_sri":"sha512-sBrOVZIhwXu8Aau/1R5gG4hPmohwTzfcCyUlJiEa2jmUebEZtveqqGZJBuAOvj80mLCz9HCHXHI7rAeQOh7TYA==","sha1":"c2b0b566c31fdb57fb46bdb2f0b886f2732bef3a"},"filename":"mcp-server-redis-0.0.1.tgz"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/mcp-server-redis/MAL-2026-5482.json","cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}