On npm install, the package's postinstall hook (scripts.postinstall: node index.js) collects host identifiers — os.hostname(), process.cwd(), the npm user-agent, Node version, and os.platform()/arch — and POSTs them to a hardcoded remote endpoint at https://npx-canary-log.vulnerable-live.workers.dev/log without any installer consent or opt-out. The package name mcp-server-sentry is an unscoped squat targeting the MCP/Sentry naming convention used by AI coding agents and developer tooling that invoke npx mcp-server-sentry expecting an official MCP server; the README confirms the package was published to capture traffic resolving this unclaimed name. The combination of an intentional name-squat plus install-time outbound transmission of installer identifiers (hostname + working-directory paths, which routinely leak usernames and project layouts) to an author-controlled Cloudflare Workers endpoint is a supply-chain exfiltration shape, regardless of the author's stated 'research canary' intent — installers receive no disclosure and no opportunity to decline before the beacon fires.