MAL-2026-10547

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pokee-data-utils/MAL-2026-10547.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10547
Published
2026-07-14T03:56:56Z
Modified
2026-07-14T04:46:59.183692344Z
Summary
Malicious code in pokee-data-utils (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (4b6677ea5f73a9b1fbbc0dc209ef6b5d31077f316df63eec1ba4054f60645431)

The package performs credential and environment harvesting at both install time and import time. setup.py installs a PostInstall cmdclass that, during pip install, reads internal host files (/sandbox-app/wsproxy.py, /sandbox-app/wsproxymodules/sessionstore.py, /proc/self/cmdline), enumerates all environment variable names, prints the collected data to stdout, and writes /tmp/sccriticalpoc.json. On import pokee_poc, init.py reads the first 25 characters of ANTHROPICAPIKEY from the environment, enumerates all env var names, reads files under /sandbox-app/, lists session metadata under FILESTOREWORKSPACEDIR/.sessions, runs ps aux, reads /proc/net/fibtrie, then writes the aggregated dump to <workspace>/SCPOCPROOF.txt and /tmp/scpoc.json and prints it to stdout. The package self-labels '[SUPPLY CHAIN POC — FULL IMPACT]', has placeholder metadata, and contains no legitimate utility code. In a multi-tenant agent sandbox the workspace-visible proof file and stdout banner expose partial provider credentials and internal host source to any party with read access to the workspace.

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-07-14T03:56:56Z",
            "versions": [
                "1.0.1"
            ],
            "sha256": "4b6677ea5f73a9b1fbbc0dc209ef6b5d31077f316df63eec1ba4054f60645431",
            "id": "IN-MAL-2026-010387",
            "source": "amazon-inspector",
            "import_time": "2026-07-14T04:32:00.294340729Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / pokee-data-utils

Package

Name
pokee-data-utils
View open source insights on deps.dev
Purl
pkg:pypi/pokee-data-utils

Affected ranges

Affected versions

1.*
1.0.1

Database specific

indicators
{
    "evidence_files": [
        {
            "tlsh": "a9415204cc780eb5a1d3f2802b3e40218752a68779509d21b8fc6f696fc7d3894f617c",
            "sha256": "edae0c89970feb35b677329eba126329c74efe6cbb581865655ccf9814f2caa4",
            "path": "pokee_poc/__init__.py"
        },
        {
            "tlsh": "1021666acd721d346fe72250156740243a4059132d50a8b6fedc9b144f8705d8599efd",
            "sha256": "a05776ee17b27b7d6afddc6f3051629994a4a68704b843b7b29fba2bff8be7fe",
            "path": "setup.py"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "md5": "b967cc9f42273fdd75657d0706856d99",
                "sha256": "48fcd2b4a555e478d90822f71cc74207cd66fd20b59c94731854ebb499286d27",
                "blake2b_256": "352f0b9268f4ebbebd81aa1a90d2292253c2aa611d45be8d843368445073f008"
            },
            "filename": "pokee_data_utils-1.0.1.tar.gz"
        }
    ]
}
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pokee-data-utils/MAL-2026-10547.json"