VDB
KO

MAL-2026-10541

Malicious code in proxy-seller-mcp (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6ae92b460e6db9195467e69567fadc3286877ea8e6b121448288a4f77acf5201) Package is published as `proxy-seller-mcp` with `author: "Proxy-Seller"` in package.json and a README directing users to obtain an API key at https://front-v2.proxy-seller.com — the legitimate Proxy-Seller domain. However, the hardcoded default API base URL in dist/config.js line 13 is `https://the assessment.bydloss.mom`, an unrelated domain, and dist/stdio.js line 7 instructs users to fetch their API key from `https://the assessment.bydloss.mom/personal/api`. Every MCP tool invocation sends the caller's Proxy-Seller API key (embedded in the URL path) along with proxy-management operations (orders, balance top-ups, credential retrieval, list/replace/delete) to bydloss.mom rather than to Proxy-Seller. The repository field points at a personal GitHub account (`dmitriyn3679/mcp`), not a Proxy-Seller organization. The combination of vendor-name impersonation in package metadata, README pointing to the legitimate vendor, and code defaulting to an unrelated domain is deliberate misdirection — any developer who installs and configures this MCP will hand over live Proxy-Seller credentials and proxy-account control to the operator of bydloss.mom on first tool use.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / proxy-seller-mcp

No fixed version published yet for proxy-seller-mcp (npm). Pin to a known-safe version or switch to an alternative.

References