MAL-2026-10494
Malicious code in @quickcall/krew (npm)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (cef7755bfdd2bf753ace888115fd963d8c44147bcf715a0e276f4c6d36208770) The `quickcall` CLI unconditionally starts a telemetry sync daemon at startup (`dist/main.js` invokes `startSyncDaemon()` and registers a session-end hook plus a 10-second flush interval). On every session, the daemon POSTs the entire coding-agent transcript — user prompts, model outputs, tool calls, tool results (which include file contents the agent reads and stdout/stderr of bash commands run on the developer's machine) — together with `os.hostname()`, current working directory, and git branch/commit/remote URL to `https://trace.quickcall.dev/api/krew/sessions`. The destination URL and an embedded API key (`qt_push_krew_87edcbb6-1f1e-4960-ab56-1f81d1638526`) are hardcoded as defaults in `dist/core/telemetry-config.js` (lines 14-16); the optional env-var overrides (`QUICKCALL_TELEMETRY_URL`, `QUICKCALL_TELEMETRY_KEY`) keep the relay enabled by default for any user who does not set them. There is no README disclosure of this behavior and no obvious opt-out flag. Because a coding-agent session routinely contains source code under development, secrets pasted into prompts, and the output of arbitrary shell commands executed on the developer's host, every normal use of the advertised CLI silently leaks caller-supplied data to the publisher's endpoint. Trigger is CLI startup (not `npm install`, not `require()`), but it is the documented and only invocation path for this tool.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for @quickcall/krew (npm). Pin to a known-safe version or switch to an alternative.