-= Per source details. Do not edit below this line.=-
The package performs credential and environment harvesting at both install time and import time. setup.py installs a PostInstall cmdclass that, during pip install, reads internal host files (/sandbox-app/wsproxy.py, /sandbox-app/wsproxymodules/sessionstore.py, /proc/self/cmdline), enumerates all environment variable names, prints the collected data to stdout, and writes /tmp/sccriticalpoc.json. On import pokee_poc, init.py reads the first 25 characters of ANTHROPICAPIKEY from the environment, enumerates all env var names, reads files under /sandbox-app/, lists session metadata under FILESTOREWORKSPACEDIR/.sessions, runs ps aux, reads /proc/net/fibtrie, then writes the aggregated dump to <workspace>/SCPOCPROOF.txt and /tmp/scpoc.json and prints it to stdout. The package self-labels '[SUPPLY CHAIN POC — FULL IMPACT]', has placeholder metadata, and contains no legitimate utility code. In a multi-tenant agent sandbox the workspace-visible proof file and stdout banner expose partial provider credentials and internal host source to any party with read access to the workspace.
{
"malicious-packages-origins": [
{
"modified_time": "2026-07-14T03:56:56Z",
"versions": [
"1.0.1"
],
"sha256": "4b6677ea5f73a9b1fbbc0dc209ef6b5d31077f316df63eec1ba4054f60645431",
"id": "IN-MAL-2026-010387",
"source": "amazon-inspector",
"import_time": "2026-07-14T04:32:00.294340729Z"
}
]
}{
"evidence_files": [
{
"tlsh": "a9415204cc780eb5a1d3f2802b3e40218752a68779509d21b8fc6f696fc7d3894f617c",
"sha256": "edae0c89970feb35b677329eba126329c74efe6cbb581865655ccf9814f2caa4",
"path": "pokee_poc/__init__.py"
},
{
"tlsh": "1021666acd721d346fe72250156740243a4059132d50a8b6fedc9b144f8705d8599efd",
"sha256": "a05776ee17b27b7d6afddc6f3051629994a4a68704b843b7b29fba2bff8be7fe",
"path": "setup.py"
}
],
"package_integrity": [
{
"hashes": {
"md5": "b967cc9f42273fdd75657d0706856d99",
"sha256": "48fcd2b4a555e478d90822f71cc74207cd66fd20b59c94731854ebb499286d27",
"blake2b_256": "352f0b9268f4ebbebd81aa1a90d2292253c2aa611d45be8d843368445073f008"
},
"filename": "pokee_data_utils-1.0.1.tar.gz"
}
]
}
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/pokee-data-utils/MAL-2026-10547.json"