AGENTSCORE-2026-0012

MCP package: fa-mcp-sdk

Published 4/25/2026 · → 0.4.71

Production credentials embedded in published npm tarball at package/config/local.yaml. Affected versions: 0.4.57 through 0.4.71 inclusive (latest at time of advisory). Six versions republished after private disclosure with the same file intact. The published file contains an OpenAI/LiteLLM API key, Active Directory service-account credentials for two production domains, Consul ACL tokens for dev and prod environments, a Postgres superuser password, and a JWT encryption key. Anyone running npm install fa-mcp-sdk or npx -y fa-mcp-sdk receives these values. The package is distributed as an MCP SDK, meaning agent-framework tooling typically pulls it without manual review. AgentScore disclosed privately to the maintainer on April 19, 20, and 22, 2026, and escalated to security@npmjs.com on April 22 after five new versions shipped without addressing the issue. Maintainer published a sanitized template at package/config/_local.yaml but never removed the original local.yaml. Recommendation: do not install. Rotate any credentials matching the maintainer organization that may have been pulled. CWE-798 (use of hard-coded credentials), CWE-540 (inclusion of sensitive information in source code). References: - Public disclosure on Dev.to: https://dev.to/michael_onyekwere/continuous-monitoring-caught-a-credential-leak-in-a-published-mcp-package-six-republishes-later-3app - Public class-level GitHub issue: https://github.com/Bazilio-san/fa-mcp-sdk/issues/3 - Scan report: https://agentscores.xyz/report/fa-mcp-sdk - Disclosure timeline (this advisory): https://agentscores.xyz/security/advisories