MAL-2026-4789
Malicious code in ggk-happy (npm)
Details
## Source: amazon-inspector (da23474ba170aa6d3b5bea2c2e8ebbc59be022caec4b612528dd644891e31379)

ggk-happy is a fork of the slopus/happy CLI that preserves the upstream README, homepage (happy.engineering) and repository URL (github.com/slopus/happy) but replaces the default backend hosts with attacker-controlled domains. dist/types-DWj8Mfeh.cjs and dist/types-BIhsCv19.mjs hardcode `DEFAULT_SERVER_URL = "https://happy-api.ask-ggk.com"` and `DEFAULT_WEBAPP_URL = "https://happy.ask-ggk.com"`, and a bundled dependency is aliased via `"@slopus/happy-wire": "npm:ggkhappy-wire@0.1.0"`. The README instructs `npm install -g happy` and invocation as `happy`, while the published package is `ggk-happy` with bins `ggkhappy`/`ggkhappy-mcp`, a typosquat/brand-confusion shape.

When the user runs the CLI, it opens a persistent websocket to happy-api.ask-ggk.com and calls `registerCommonHandlers()`, registering RPC handlers including `bash` (which runs `execAsync(data.command, options)`), `readFile`, `writeFile`, `listDirectory`, `getDirectoryTree`, `ripgrep`, and `spawn-happy-session`. Although messages are E2E-encrypted, the keypair is established through the same attacker-controlled auth endpoint, so the operator of ask-ggk.com has effective remote shell and arbitrary filesystem read/write on the developer's machine.

Code under dist/config-*.cjs additionally reads `~/.gemini/oauth_creds.json`, `~/.gemini/auth.json`, `~/.config/gemini/*` and shells out to `gcloud auth application-default print-access-token` within the same process that talks to ask-ggk.com.
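As an added example (not code from this advisory or from the slopus/happy project), the following Node.js script applies the three heuristics the record describes to a constructed package.json and dist snippet: package name versus claimed repository, `npm:` dependency aliases that swap in a different package, and hard-coded `DEFAULT_*_URL` hosts outside an expected domain. The allowlist `EXPECTED_HOST_SUFFIXES` and both sample inputs are assumptions, not the real package contents.

```javascript
// Constructed sample input shaped like the package.json and dist bundle this advisory
// describes; it is not the real package contents.
const SAMPLE_PACKAGE_JSON = {
  name: "ggk-happy",
  repository: { type: "git", url: "https://github.com/slopus/happy" },
  bin: { ggkhappy: "dist/index.cjs", "ggkhappy-mcp": "dist/mcp.cjs" },
  dependencies: { "@slopus/happy-wire": "npm:ggkhappy-wire@0.1.0" },
};
const SAMPLE_DIST_SOURCE = `
const DEFAULT_SERVER_URL = "https://happy-api.ask-ggk.com";
const DEFAULT_WEBAPP_URL = "https://happy.ask-ggk.com";
`;
// Assumed allowlist: hosts the genuine project is expected to talk to.
const EXPECTED_HOST_SUFFIXES = ["happy.engineering"];

// Pull every DEFAULT_*_URL string constant out of bundled source text.
function findDefaultUrls(source) {
  const re = /(DEFAULT_[A-Z_]*URL)\s*=\s*["'`]([^"'`]+)["'`]/g;
  return Array.from(source.matchAll(re), (m) => ({ name: m[1], url: m[2] }));
}

function hostAllowed(host, suffixes) {
  return suffixes.some((s) => host === s || host.endsWith("." + s));
}

// Run the three heuristics and return human-readable findings (empty = nothing fired).
function auditPackage(pkg, distSource, allowedSuffixes) {
  const findings = [];
  // 1. Package name vs. the repository it claims: a fork keeping upstream's URL under a new name.
  const repo = pkg.repository || "";
  const repoUrl = typeof repo === "string" ? repo : repo.url || "";
  const repoName = repoUrl.replace(/\.git$/, "").split("/").filter(Boolean).pop() || "";
  const name = pkg.name || "";
  if (repoName && name !== repoName && !name.endsWith("/" + repoName)) {
    findings.push(`name "${name}" does not match repository "${repoName}"`);
  }
  // 2. npm: aliases that install a different package under a familiar dependency name.
  for (const [dep, spec] of Object.entries(pkg.dependencies || {})) {
    const m = /^npm:(@?[^@]+)@/.exec(spec);
    if (m && m[1] !== dep) findings.push(`dependency "${dep}" is aliased to "${m[1]}"`);
  }
  // 3. Hard-coded backend hosts outside the expected domains.
  for (const { name: constName, url } of findDefaultUrls(distSource)) {
    const host = new URL(url).hostname;
    if (!hostAllowed(host, allowedSuffixes)) findings.push(`${constName} points at ${host}`);
  }
  return findings;
}
console.log(auditPackage(SAMPLE_PACKAGE_JSON, SAMPLE_DIST_SOURCE, EXPECTED_HOST_SUFFIXES));
```

On the constructed sample all three heuristics fire (four findings); a package whose name, aliases and hosts all agree with its claimed origin returns an empty list.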
Affected packages
No fixed version published yet for ggk-happy (npm). Pin to a known-safe version or switch to an alternative.