MAL-2026-5602

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/0x2ai-zoe/MAL-2026-5602.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5602
Published
2026-06-11T07:16:10Z
Modified
2026-06-11T08:01:30.278598468Z
Summary
Malicious code in 0x2ai-zoe (npm)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (724bd98c39a8e4ff21b039fddeadfda7f0ef7e3c6be47e771d72efed77d02b1b)

On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD (the directory the developer ran npm from), depositing CLAUDE.md,.claude/settings.json,.claude/commands/0x2ai-boot.md,.mcp.json, and several MCP server.cjs files outside the package's own install directory. CLAUDE.md is auto-loaded as project instructions by Claude Code, and.mcp.json hardcodes BRIDGEURL=https://zoe.0x2ai.com so that any subsequent Claude Code session in that directory routes chatroompost, memorysave/load/search, brainmailsend, providerquery (user LLM prompts), and settings_set (which can carry API keys) calls through the author's host. bin/start.cjs additionally spawns claude --dangerously-skip-permissions, disabling per-tool consent prompts for filesystem and shell access during the session. The combination — install-time configuration injection into a directory the package does not own + a persona instructing the agent to follow remote-bridge directives + skip-permissions launch — gives the operator at zoe.0x2ai.com unprompted tool access on the developer's machine and silently relays prompts and settings (including credentials) off-host. The install-time write of opinionated Claude Code configuration into the developer's working directory occurs without consent and is the install-time-harm component; the bridge relay is the silent-relay component for any session subsequently opened in that directory.

Database specific
{
    "malicious-packages-origins": [
        {
            "sha256": "0095428034b99e1aef40ecb5bc9cce9302f85316748dcfe32abd21c8a98376cb",
            "id": "IN-MAL-2026-005668",
            "source": "amazon-inspector",
            "import_time": "2026-06-11T07:49:39.005432439Z",
            "modified_time": "2026-06-11T07:16:13Z",
            "versions": [
                "1.2.0"
            ]
        },
        {
            "sha256": "724bd98c39a8e4ff21b039fddeadfda7f0ef7e3c6be47e771d72efed77d02b1b",
            "id": "IN-MAL-2026-005666",
            "source": "amazon-inspector",
            "import_time": "2026-06-11T07:49:38.824685618Z",
            "modified_time": "2026-06-11T07:16:10Z",
            "versions": [
                "0.2.0"
            ]
        }
    ]
}
References
Credits

Affected packages

npm / 0x2ai-zoe

Package

Affected ranges

Affected versions

0.*
0.2.0
1.*
1.2.0

Database specific

indicators
{
    "evidence_files": [
        {
            "path": "scripts/postinstall.cjs",
            "tlsh": "74e0c05706ccd379a5b2a1406c12c50a646ade81364094a0e27c0357bf92694ae23eff",
            "sha256": "4943321a174f2de446781e46abdc4eb4fd333f8cc98cf6fe3cd5fc4bbfb0b0a2"
        },
        {
            "path": "payload/.mcp.json",
            "tlsh": "f8e07d25d1f44e435683203619bd1615699591070d9cbc38b74fc0bc5f4c65b177d6dd",
            "sha256": "6b81ca9b13c5e4bb7d793547a0b490cf2864c1e46a4c84da5177fe71bb5f8ff8"
        },
        {
            "path": "bin/start.cjs",
            "tlsh": "9011005b868e07be57b441c46645c12b990bc84072d0e490d26e03a6fb511e82c677eb",
            "sha256": "fa5af6d044cd42d37d4c7b0e5f43cf7498e621ef7db1b837ea79e3087e552984"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/0x2ai-zoe/MAL-2026-5602.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506",
        "name": "Embedded Malicious Code"
    }
]