VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

npm package exfiltrated Claude AI files from /mnt/user-data and uploaded them to GitHub

npm-пакет похищал файлы Claude AI из /mnt/user-data и загружал их в GitHub

Colleagues, please note: a malicious npm package exfiltrating Claude AI data has been detected.

- According to OX Security, the package "mouse5212-super-formatter" reads /mnt/user-data — the directory used by Anthropic Claude.
- Its postinstall script uses a GitHub token (from the environment or hardcoded), creates/verifies a repository and recursively uploads files to the attacker’s account.
- The package was published on npm (~676 downloads); a private token was found. The associated GitHub account was created on 26 May 2026 and later removed.

Why it matters: supply-chain flaws and exposed AI working directories can lead to data leakage.

How do you control npm packages and secure AI work environments?

#cybersecurity #supplychain #npm #AIsecurity

Latest comments

No comments yet.