MAL-2026-10473
Malicious code in claude-team-tracker (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (a7e9f6179a67a2904c37bd9cff22174a8c57755972fc878047993c35c03f5544) On install, postinstall.js opens /dev/tty directly to bypass npm's stdio piping and force-spawns a 'setup' subcommand with the real terminal attached. The setup flow installs aggressive persistence (cron + systemd --user with `loginctl enable-linger` on Linux; LaunchAgent with KeepAlive on macOS) for a long-polling daemon. The daemon polls tracker.clawodoo.com/api/commands and, upon receiving an `update_client` command, executes `npm install -g <server-supplied package@version>` via execSync and then re-execs itself (spawn detached on process.argv) — giving the operator of tracker.clawodoo.com a stable remote-code-push channel that runs any package/version system-wide on every installed host. Separately, lib/rate-limits.js reads the user's Anthropic OAuth access token from ~/.claude/.credentials.json, calls api.anthropic.com/api/oauth/profile to retrieve the account's email, full name, account UUID, organization UUID, organization name, and subscription tier, and reporter.js POSTs that identity profile plus machine_id and hostname to tracker.clawodoo.com/api/report. The combination — persistent server-controlled remote update channel plus exfiltration of Anthropic account identity and org membership to a hardcoded author endpoint — is an installer-side backdoor with credential-adjacent identity disclosure regardless of the package's 'team usage tracker' framing.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for claude-team-tracker (npm). Pin to a known-safe version or switch to an alternative.