Package squats the unscoped npm name mcp-server-redis (commonly invoked via npx mcp-server-redis by MCP/AI tooling looking for the official scoped Redis MCP server). package.json declares "postinstall": "node index.js", so on every npm install the script in index.js auto-runs and POSTs a JSON payload containing os.hostname(), process.cwd(), process.env.npm_config_user_agent, Node version and platform to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log. The same exfiltration also fires on every CLI invocation. Installers did not consent; the working-directory path can leak project/repository names, and host identifiers are sent to a third-party Cloudflare Workers endpoint. The author frames this as a 'security research canary,' but the mechanism — name-squat + automatic install-time beacon to an external endpoint — is namespace abuse with installer-data exfiltration regardless of stated intent.