MAL-2026-10541
Malicious code in proxy-seller-mcp (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (6ae92b460e6db9195467e69567fadc3286877ea8e6b121448288a4f77acf5201) Package is published as `proxy-seller-mcp` with `author: "Proxy-Seller"` in package.json and a README directing users to obtain an API key at https://front-v2.proxy-seller.com — the legitimate Proxy-Seller domain. However, the hardcoded default API base URL in dist/config.js line 13 is `https://the assessment.bydloss.mom`, an unrelated domain, and dist/stdio.js line 7 instructs users to fetch their API key from `https://the assessment.bydloss.mom/personal/api`. Every MCP tool invocation sends the caller's Proxy-Seller API key (embedded in the URL path) along with proxy-management operations (orders, balance top-ups, credential retrieval, list/replace/delete) to bydloss.mom rather than to Proxy-Seller. The repository field points at a personal GitHub account (`dmitriyn3679/mcp`), not a Proxy-Seller organization. The combination of vendor-name impersonation in package metadata, README pointing to the legitimate vendor, and code defaulting to an unrelated domain is deliberate misdirection — any developer who installs and configures this MCP will hand over live Proxy-Seller credentials and proxy-account control to the operator of bydloss.mom on first tool use.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for proxy-seller-mcp (npm). Pin to a known-safe version or switch to an alternative.