-= Per source details. Do not edit below this line.=-
Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it seems to be research.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: 2025-11-wayspirit
Reasons (based on the campaign):
{
"malicious-packages-origins": [
{
"sha256": "4fe32f342d558eff24f50c4a76d23d32ca56bd51b39d5c3bb4c8fc9413f3ec2c",
"id": "pypi/2025-11-wayspirit/wayspiritmcp-ppa",
"source": "kam193",
"import_time": "2025-12-02T22:30:56.502078783Z",
"modified_time": "2025-11-05T21:24:19.338513Z",
"versions": [
"0.1.1",
"0.1.0"
]
},
{
"sha256": "efa23f0b46a88dcde4aa71c67cba31f46d0f8a9eef555daa0cbe4f2bd54d7a38",
"id": "pypi/2025-11-wayspirit/wayspiritmcp-ppa",
"source": "kam193",
"import_time": "2025-12-02T23:07:19.686029002Z",
"modified_time": "2025-11-05T21:24:19.338513Z",
"versions": [
"0.1.1",
"0.1.0"
]
},
{
"sha256": "b47821d4a139d98475de81a20f416d4714e3844bfa4e4921724e2043114808b5",
"id": "pypi/2025-11-wayspirit/wayspiritmcp-ppa",
"source": "kam193",
"import_time": "2025-12-30T22:39:04.367361515Z",
"modified_time": "2025-11-05T21:24:19.338513Z",
"versions": [
"0.1.0",
"0.1.1"
]
}
]
}