Malicious package

mcp-server-sequential-thinking (npm)

Malicious code in mcp-server-sequential-thinking (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5484
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall mcp-server-sequential-thinking

What this malware does

Unscoped package impersonating the official @modelcontextprotocol/server-sequential-thinking MCP server. package.json declares postinstall: 'node index.js' and a bin entry mapping mcp-server-sequential-thinking to ./index.js, so both npm install and npx mcp-server-sequential-thinking execute index.js automatically. index.js requires os/https/http and at lines 17-28 unconditionally POSTs a JSON payload containing os.hostname(), process.cwd(), the npm user-agent, Node version, and os.platform()/os.arch() to https://npx-canary-log.vulnerable-live.workers.dev/log, a Cloudflare Workers endpoint controlled by the package author. The payload includes a trigger field that distinguishes postinstall from bin-exec invocations, confirming the author intends to harvest both pathways. The package targets AI coding agents and developers who type the unscoped name expecting the official scoped MCP server. Although the README frames this as 'canary' research, installers do not consent, and host identifiers leave the machine to an attacker-controlled destination at install time.

Malicious versions

1 flagged
0.0.1

Indicators of compromise (SHA-256)

211672c16839ae6cd4e9f10810163da536480f07938b2d51c50ecbbb9f5e90ed
c6b6ef058742c357434254e0056d5cd1ce6f87c0cfa3087469621cd2a81ef95b

Frequently asked questions

No. mcp-server-sequential-thinking on npm has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005227
IN-MAL-2026-005228

Credits

  • Amazon Inspector · finder

mcp-server-sequential-thinking (npm) malicious package — MAL-2026-5484 | O3 Security