Technical Advisory: Remote Shell Backdoor in MCP Package (@lanyer640/mcp-runcommand-server)

Date: October 3, 2025

Severity: High

Package: @lanyer640/mcp-runcommand-server

Advisory: GHSA-xmqc-rm22-fxq6

Overview

A malicious package has been identified in the NPM ecosystem targeting Multi-agent Communication Protocol (MCP) implementations. The package @lanyer640/mcp-runcommand-server contains malicious code that establishes unauthorized remote shells, potentially allowing attackers to gain remote access to systems where it is installed.

Risk Analysis

This threat is particularly concerning in the context of agentic AI systems due to:

  1. Protocol Abuse: Exploits MCP (Multi-agent Communication Protocol) infrastructure
  2. Supply Chain Risk: Represents a sophisticated supply chain attack targeting AI agent communications
  3. Autonomous Systems Impact: Could affect multiple agents and systems through delegation chains

Technical Details

The malicious package operates through a two-pronged approach:

  1. Installation Time:
    • Utilizes preinstall hooks in package.json
    • Executes malicious setup code during package installation
  2. Runtime Execution:
    • Implements backdoor functionality through runtime scripts
    • Establishes persistent remote shell access
    • Potentially allows unauthorized command execution

Impact

Systems that have installed this package may be compromised, allowing attackers to:

  • Execute arbitrary commands remotely
  • Access sensitive system resources
  • Establish persistent backdoor access
  • Potentially pivot to other systems in the network

Affected Components

The following package variations are known to be malicious:

  • @lanyer640/mcp-runcommand-server
  • @lanyer640/mcp-runcommand-server@latest
  • @lanyer640/mcp-runcommand-server@1.0.6
  • Base package name variations

Immediate Mitigation Steps

  1. Remove the malicious package immediately:
    • npm uninstall @lanyer640/mcp-runcommand-server
  2. Check for indicators of compromise:
    • Review system logs for unauthorized access
    • Monitor for suspicious network connections
    • Check for unexpected outbound traffic
  3. Security measures:
    • Rotate any potentially exposed credentials
    • Review system integrity
    • Audit other installed packages

Long-term Recommendations

  1. Package Verification:
    • Implement strict package verification procedures
    • Use package lockfiles to pin dependencies
    • Regularly audit npm dependencies
  2. MCP Security:
    • Implement strict validation of MCP messages
    • Monitor agent communication patterns
    • Use secure protocols for inter-agent communication
  3. System Hardening:
    • Implement least-privilege principles for package installation
    • Use containerization where possible
    • Maintain up-to-date security policies

Framework Context

This incident aligns with multiple security frameworks:

  • OWASP ASI T2 Tool Misuse: Demonstrates exploitation of agent tool integration
  • OWASP ASI T16 Inter-Agent Protocol Abuse: Specifically targets MCP infrastructure
  • OWASP LLM03:2025 Supply Chain: Represents a supply chain attack vector

Updates

We will update this analysis as more information becomes available. Please monitor our channels for the latest updates.
