watercrawl-mcp - isotope¹³

Incident Summary

Glassworm Unicode Attack on watercrawl-mcp

The Glassworm threat actor published malicious versions of @iflow-mcp/watercrawl-watercrawl-mcp with payloads hidden by invisible Unicode characters. The package kept the shape of a normal MCP dependency while concealed code executed credential stealers, letting source text itself become camouflage for supply-chain intrusion.

Date: 2026-03-12 to 2026-03-13
Category: Open Source
Target Surface: Package registry
Insertion Phase: distribution
Impact: Credential theft
Cause: Malicious Injection

What Was Affected

Package watercrawl-mcp

LanguageJavaScript

ComponentLibrary

Artifact typesource archive

Domain typepackage host

Domain npmjs.com

Compromised Versions

Incident Context

Motive: Credential Theft
Attribution: Third Party
Transitive: No
User Impact: 0
Observed Duration: 1 days

External References

aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode

Source Data

Source record: oss/watercrawl-mcp/meta.yaml