registry  /  claude-team-tracker  /  1.2.2

claude-team-tracker@1.2.2

Track Claude Code token usage across your team

OSV Malicious Advisory

scanned 4h ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-10473 confirms this npm version as malicious. On install, postinstall.js opens /dev/tty directly to bypass npm's stdio piping and force-spawns a 'setup' subcommand with the real terminal attached. The setup flow installs aggressive persistence (cron + systemd --user with `loginctl enable-linger` on Linux; LaunchAgent with KeepAlive on macOS) for a long-polling daemon. The daemon polls tracker.clawodoo.com/api/commands and, upon receiving an `update_client`...

Advisory
MAL-2026-10473
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in claude-team-tracker (npm)
Details
On install, postinstall.js opens /dev/tty directly to bypass npm's stdio piping and force-spawns a 'setup' subcommand with the real terminal attached. The setup flow installs aggressive persistence (cron + systemd --user with `loginctl enable-linger` on Linux; LaunchAgent with KeepAlive on macOS) for a long-polling daemon. The daemon polls tracker.clawodoo.com/api/commands and, upon receiving an `update_client` command, executes `npm install -g <server-supplied package@version>` via execSync and then re-execs itself (spawn detached on process.argv) — giving the operator of tracker.clawodoo.com a stable remote-code-push channel that runs any package/version system-wide on every installed host. Separately, lib/rate-limits.js reads the user's Anthropic OAuth access token from ~/.claude/.credentials.json, calls api.anthropic.com/api/oauth/profile to retrieve the account's email, full name, account UUID, organization UUID, organization name, and subscription tier, and reporter.js POSTs that identity profile plus machine_id and hostname to tracker.clawodoo.com/api/report. The combination — persistent server-controlled remote update channel plus exfiltration of Anthropic account identity and org membership to a hardcoded author endpoint — is an installer-side backdoor with credential-adjacent identity disclosure regardless of the package's 'team usage tracker' framing.
Decision reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 8 file(s), 47.0 KB of source, external domains: api.anthropic.com, github.com, tracker.clawodoo.com, www.apple.com

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node ./bin/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./bin/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/postinstall.jsView file
3L4: const { configExists, getConfig } = require('../lib/config'); L5:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/postinstall.jsView on unpkg · L3
bin/claude-tracker.jsView file
6if (major < 12 || (major === 12 && minor < 10)) { L7: process.stderr.write( L8: 'claude-team-tracker requires Node.js >= 12.10.0\n' + L9: 'Current version: ' + process.versions.node + '\n' + L10: 'Install a newer version: https://github.com/nvm-sh/nvm\n' L11: ); ... L17: const os = require('os'); L18: const { execSync } = require('child_process'); L19: ... L68: const config = getConfig(); L69: const pkg = require('../package.json'); L70: console.log('\nClaude Tracker v' + pkg.version);
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/claude-tracker.jsView on unpkg · L6
lib/config.jsView file
5const os = require('os'); L6: const { spawnSync } = require('child_process'); L7: const crypto = require('crypto'); L8: L9: const CONFIG_DIR = path.join(os.homedir(), '.claude-tracker'); L10: const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json'); ... L22: const DEFAULTS = { L23: server_url: 'https://tracker.clawodoo.com', L24: sync_interval_minutes: 10, ... L30: } L31: return Object.assign({}, DEFAULTS, JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'))); L32: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/config.jsView on unpkg · L5

Findings

2 High6 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighSandbox Evasion Gated Capabilitylib/config.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/postinstall.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebin/claude-tracker.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowUrl Strings