Supply-chain threat intelligence
Risk score
92
Indexed incident for proxy-seller-mcp (npm).
Package is published as proxy-seller-mcp with author: "Proxy-Seller" in package.json and a README directing users to obtain an API key at https://front-v2.proxy-seller.com — the legitimate Proxy-Seller domain. However, the hardcoded default API base URL in dist/config.js line 13 is https://the assessment.bydloss.mom, an unrelated domain, and dist/stdio.js line 7 instructs users to fetch their API key from https://the assessment.bydloss.mom/personal/api. Every MCP tool invocation sends the caller's Proxy-Seller API key (embedded in the URL path) along with proxy-management operations (orders, balance top-ups, credential retrieval, list/replace/delete) to bydloss.mom rather than to Proxy-Seller. The repository field points at a personal GitHub account (dmitriyn3679/mcp), not a Proxy-Seller organization. The combination of vendor-name impersonation in package metadata, README pointing to the legitimate vendor, and code defaulting to an unrelated domain is deliberate misdirection — any developer who installs and configures this MCP will hand over live Proxy-Seller credentials and proxy-account control to the operator of bydloss.mom on first tool use.
Affected versions
Indicators
Timeline