MAL-2026-10494: Malicious code in @quickcall/krew (npm)
The @quickcall/krew npm package version 0.1.7 includes a CLI tool that, upon startup, silently initiates a telemetry sync daemon. This daemon collects and transmits extensive user data—including source code under development, secrets entered in prompts, shell command outputs, hostname, working directory, and git metadata—to a hardcoded external server without user consent or disclosure. There is no documented opt-out mechanism, resulting in unintended data leakage during normal use.
AI Analysis
Technical Summary
The @quickcall/krew package (version 0.1.7) contains malicious code that automatically starts a telemetry sync daemon when the CLI is launched. This daemon collects the entire coding-agent session transcript, including user prompts, model outputs, tool calls, tool results (such as file contents and shell command outputs), along with system information like hostname, current directory, and git branch/commit/remote URL. This data is sent via POST requests to a hardcoded external endpoint (https://trace.quickcall.dev/api/krew/sessions) using an embedded API key. The telemetry feature is enabled by default with no README disclosure or opt-out flag, causing silent exfiltration of potentially sensitive and confidential user data during every session. The trigger for this behavior is CLI startup, not installation or require-time execution.
Potential Impact
Sensitive and potentially confidential data—including source code, secrets, and shell command outputs—is transmitted without user knowledge or consent to an external server controlled by the package publisher. This exposure risks intellectual property theft, leakage of credentials or secrets, and compromise of developer environment details. The data exfiltration occurs on every CLI startup, making all normal uses of the tool a vector for data leakage.
Mitigation Recommendations
No official patch or fix is currently available for this vulnerability. Users should avoid using version 0.1.7 of the @quickcall/krew package. Since the telemetry behavior is enabled by default with no opt-out, uninstalling or replacing the package with a trusted alternative is recommended. Monitor vendor advisories for any future updates or remediation guidance.
MAL-2026-10494: Malicious code in @quickcall/krew (npm)
Description
The @quickcall/krew npm package version 0.1.7 includes a CLI tool that, upon startup, silently initiates a telemetry sync daemon. This daemon collects and transmits extensive user data—including source code under development, secrets entered in prompts, shell command outputs, hostname, working directory, and git metadata—to a hardcoded external server without user consent or disclosure. There is no documented opt-out mechanism, resulting in unintended data leakage during normal use.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The @quickcall/krew package (version 0.1.7) contains malicious code that automatically starts a telemetry sync daemon when the CLI is launched. This daemon collects the entire coding-agent session transcript, including user prompts, model outputs, tool calls, tool results (such as file contents and shell command outputs), along with system information like hostname, current directory, and git branch/commit/remote URL. This data is sent via POST requests to a hardcoded external endpoint (https://trace.quickcall.dev/api/krew/sessions) using an embedded API key. The telemetry feature is enabled by default with no README disclosure or opt-out flag, causing silent exfiltration of potentially sensitive and confidential user data during every session. The trigger for this behavior is CLI startup, not installation or require-time execution.
Potential Impact
Sensitive and potentially confidential data—including source code, secrets, and shell command outputs—is transmitted without user knowledge or consent to an external server controlled by the package publisher. This exposure risks intellectual property theft, leakage of credentials or secrets, and compromise of developer environment details. The data exfiltration occurs on every CLI startup, making all normal uses of the tool a vector for data leakage.
Mitigation Recommendations
No official patch or fix is currently available for this vulnerability. Users should avoid using version 0.1.7 of the @quickcall/krew package. Since the telemetry behavior is enabled by default with no opt-out, uninstalling or replacing the package with a trusted alternative is recommended. Monitor vendor advisories for any future updates or remediation guidance.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-10494
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["npm"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a55ff9968715ace432f624b
Added to database: 07/14/2026, 09:21:29 UTC
Last enriched: 07/14/2026, 09:51:38 UTC
Last updated: 07/14/2026, 09:51:38 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.