MAL-2026-6551

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (ab3bb04aee6f5f1d8768b7fd2173cd7c0cac18b5d83d6a83cf2be96a7512d8f7) Package name impersonates the Anthropic namespace and ships a preinstall hook (scripts.preinstall = 'node index.js') that executes on every `npm install`. index.js performs bulk reads of installer-side credential files from the home directory — ~/.aws/credentials, ~/.aws/config, ~/.config/gcloud/application_default_credentials.json, ~/.azure/accessTokens.json, ~/.ssh/id_rsa.pub (and probes id_rsa), ~/.npmrc, ~/.gitconfig — and uses execSync to curl AWS IMDS (http://169.254.169.254/latest/meta-data/iam/security-credentials/) and GCP metadata (http://metadata.google.internal, Metadata-Flavor: Google) to capture IAM/service-account tokens. It also collects os.hostname(), os.userInfo(), cwd, and environment variables matching KEY|TOKEN|SECRET|PASS|AUTH|CRED|AWS|GCP|AZURE|NPM|REGISTRY. The beacon is POSTed via https.request to a hardcoded collector at https://webhook.site/2d1764b2-1249-4793-840f-7846d7d820cd. Installing this package on a developer workstation or CI runner discloses long-lived cloud credentials, SSH keys, and registry tokens to a third-party endpoint, and on cloud-hosted CI additionally yields short-lived IAM/service-account tokens usable to pivot into the installer's cloud account. The package self-describes as a 'dependency confusion PoC', confirming the namespace-impersonation intent against an internal Anthropic-named package.