@reconcrap/boss-recommend-mcp flagged credential stealer (npm) — Cremit · NHI Credential Stealer Index