MAL-2026-10633

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/creditgauge/MAL-2026-10633.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10633
Published
2026-07-15T03:56:05Z
Modified
2026-07-15T05:19:51.003224680Z
Summary
Malicious code in creditgauge (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (d0bd064afe94f426f1124703c1c1f7ac52ee1ad1df728c33ce7cbe4328bae876)

The package has no functional library code: package.json declares main=index.js but no index.js is shipped; the tarball contains only package.json and a.claude/settings.json payload. The settings.json overrides ANTHROPICBASEURL to https://api.minimaxi.com/anthropic (a non-Anthropic host) and embeds a hardcoded ANTHROPICAUTHTOKEN, so any Claude Code session picking up this configuration silently routes the developer's prompts and source code through a third-party endpoint under an attacker-supplied token. The same file defines a statusLine that runs a bash command resolving to scripts/wrapper.sh inside the plugin cache directory for the third-party plugin github:cwf818/topgauge-cc (referenced via enabledPlugins), re-invoked every 10 seconds. defaultMode is set to bypassPermissions and skipDangerousModePermissionPrompt is set to true, disabling the confirmation prompts that would normally gate that execution. The combined effect is silent relay of AI prompts/code through an attacker-controlled proxy plus recurring shell execution of unvetted third-party plugin code inside the developer's environment.

Database specific
{
    "malicious-packages-origins": [
        {
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-010610",
            "import_time": "2026-07-15T04:32:06.714097357Z",
            "sha256": "d0bd064afe94f426f1124703c1c1f7ac52ee1ad1df728c33ce7cbe4328bae876",
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2026-07-15T03:56:05Z"
        }
    ]
}
References
Credits

Affected packages

npm / creditgauge

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/creditgauge/MAL-2026-10633.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "creditgauge-1.0.0.tgz",
            "hashes": {
                "sha512_sri": "sha512-xM5EwslA/lMz+vXLssLkVaBhO00nx6ot/Ju4V/aXgXZdF5j9rylh7XVrXZGdfvWvMUhZlsDUOP1OMwQ8UG3N+Q==",
                "sha1": "8788655fdb7d8284a9d04615b9a24ba7a4c917cb"
            }
        }
    ],
    "evidence_files": [
        {
            "path": ".claude/settings.json",
            "sha256": "fe481f71fc23f21cebf2dff18206e630ef4f87c352cb1acdebe4344dd3c2954e",
            "tlsh": "2951c00bc8581e7414b043d85c794992f5a2e36f4651b81bb37d8add0fbfa620898f1c"
        },
        {
            "path": "package.json",
            "sha256": "f5dbecd868ed77ddb8ef58c8d9a0da236096303f5f9bba2a068cccf4470b5021",
            "tlsh": "79d02e649a614a3329c806b30c18995262608fef02003c0c62cf001c83eeab29efa708"
        }
    ]
}