MAL-2025-191789

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mcp-weather-full/MAL-2025-191789.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-191789
Published
2025-11-06T08:46:54Z
Modified
2025-12-31T02:57:18.925803Z
Summary
Malicious code in mcp-weather-full (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (c12eff5425b0aa04547b3bbff3444c1d96ca3cf765fdc105d7b7ff9252c9afda)

Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it seems to be research.

Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.

Campaign: 2025-11-wayspirit

Reasons (based on the campaign):

  • llm-threat
Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "0.8.2",
                "0.8.1",
                "0.8.0",
                "0.8.3",
                "0.8.4",
                "0.8.5",
                "0.8.6",
                "0.8.7",
                "0.8.8",
                "0.8.9",
                "0.9.0",
                "0.9.1",
                "0.9.2",
                "0.9.3",
                "0.9.4",
                "0.9.5",
                "0.9.6",
                "1.0.0",
                "1.0.1"
            ],
            "modified_time": "2025-11-09T09:25:21.922098Z",
            "import_time": "2025-12-02T22:30:56.203369145Z",
            "id": "pypi/2025-11-wayspirit/mcp-weather-full",
            "source": "kam193",
            "sha256": "88126ddb21009fa1a3aedab5db740fd059efb093047fe914a90a2036c5161ed3"
        },
        {
            "versions": [
                "0.8.2",
                "0.8.1",
                "0.8.0",
                "0.8.3",
                "0.8.4",
                "0.8.5",
                "0.8.6",
                "0.8.7",
                "0.8.8",
                "0.8.9",
                "0.9.0",
                "0.9.1",
                "0.9.2",
                "0.9.3",
                "0.9.4",
                "0.9.5",
                "0.9.6",
                "1.0.0",
                "1.0.1"
            ],
            "modified_time": "2025-11-09T09:25:21.922098Z",
            "import_time": "2025-12-02T23:07:19.385263762Z",
            "id": "pypi/2025-11-wayspirit/mcp-weather-full",
            "source": "kam193",
            "sha256": "c12eff5425b0aa04547b3bbff3444c1d96ca3cf765fdc105d7b7ff9252c9afda"
        },
        {
            "versions": [
                "0.8.0",
                "0.8.1",
                "0.8.2",
                "0.8.3",
                "0.8.4",
                "0.8.5",
                "0.8.6",
                "0.8.7",
                "0.8.8",
                "0.8.9",
                "0.9.0",
                "0.9.1",
                "0.9.2",
                "0.9.3",
                "0.9.4",
                "0.9.5",
                "0.9.6",
                "1.0.0",
                "1.0.1"
            ],
            "modified_time": "2025-11-09T09:25:21.922098Z",
            "import_time": "2025-12-30T22:39:04.311812128Z",
            "id": "pypi/2025-11-wayspirit/mcp-weather-full",
            "source": "kam193",
            "sha256": "f51a214634cbcfaaf12d990053293981c0a2e4e1093cdc0b343c8c9dc85a2c49"
        }
    ]
}
References
Credits

Affected packages

PyPI / mcp-weather-full

Package

Name
mcp-weather-full
View open source insights on deps.dev
Purl
pkg:pypi/mcp-weather-full

Affected ranges

Affected versions

0.*
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
1.*
1.0.0
1.0.1

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mcp-weather-full/MAL-2025-191789.json"