MAL-2026-4539

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/create-kachow/MAL-2026-4539.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4539
Published
2026-05-20T21:40:32Z
Modified
2026-05-26T06:02:25.039804960Z
Summary
Malicious code in create-kachow (npm)
Details


Source: amazon-inspector (b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97)

bin/create-kachow.js declares a BUILTIN_KEYS object containing live API keys for four third-party AI providers (Gemini key starting AIzaSyByPyGWXRVsa0..., OpenRouter sk-or-v1-673e3b6d..., Mistral OiCiNtvBsogE..., DeepSeek sk-7ecd4ed8...). The key-resolution helpers (e.g. resolveGeminiKeys) fall back to these built-in keys whenever the corresponding env var is unset, so any installer running npx create-kachow obtains and uses live credentials against generativelanguage.googleapis.com, openrouter.ai, api.mistral.ai, and api.deepseek.com. Two installer-affecting harms follow: (1) the keys are extractable from the package by anyone who installs it and can be abused against the four third-party providers (credential redistribution); (2) the README advertises a 'deterministic template generator — no AI required' fallback when no keys are set, but the code instead silently routes the user-supplied app description (the appPrompt from ask("Describe your app:")) to those four providers under the author's account, where prompts may be logged. This contradicts documented behavior and makes the data flow non-consensual.
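As an added illustration (not code from the advisory or from the create-kachow package), the following Node script scans JavaScript source for the two indicators described above: provider key literals (prefixes taken from the advisory) and `process.env.X || fallback` resolution that hands a built-in value to the caller when the variable is unset. The sample source, the function names in it and every key value are constructed placeholders.

```javascript
// Provider key prefixes as listed in the advisory; Mistral has no fixed prefix and is omitted.
const KEY_PATTERNS = [
  { provider: "gemini",     re: /AIzaSy[0-9A-Za-z_-]{20,}/g },
  { provider: "openrouter", re: /sk-or-v1-[0-9a-f]{20,}/g },
  { provider: "deepseek",   re: /sk-[0-9a-f]{20,}/g },
];

// `process.env.NAME || value` or `process.env.NAME ?? value` (fallback runs to ';', ')' or newline)
const ENV_FALLBACK = /process\.env\.(\w+)\s*(\|\||\?\?)\s*([^;\n)]+)/g;
// Env var names that denote a credential rather than a harmless tunable such as PORT
const SECRET_NAME = /KEY|TOKEN|SECRET|PASSWORD/i;

function findEmbeddedKeys(src) {
  const hits = [];
  for (const { provider, re } of KEY_PATTERNS) {
    for (const m of src.matchAll(re)) {
      // Report a redacted prefix only; never echo a live credential into logs.
      hits.push({ provider, redacted: m[0].slice(0, 8) + "...", offset: m.index });
    }
  }
  return hits;
}

function findCredentialFallbacks(src) {
  const hits = [];
  for (const m of src.matchAll(ENV_FALLBACK)) {
    const [, envVar, operator, fallback] = m;
    if (SECRET_NAME.test(envVar)) hits.push({ envVar, operator, fallback: fallback.trim() });
  }
  return hits;
}

function scanSource(src) {
  return { keys: findEmbeddedKeys(src), fallbacks: findCredentialFallbacks(src) };
}

// Constructed sample mimicking the pattern the advisory describes; all values are placeholders.
const SAMPLE_SOURCE = `
const BUILTIN_KEYS = {
  gemini: "AIzaSyEXAMPLEEXAMPLEEXAMPLEEXAMPLE0000",
  openrouter: "sk-or-v1-0000000000000000000000000000000000000000",
  deepseek: "sk-00000000000000000000000000000000",
};
function resolveGeminiKeys() {
  return process.env.GEMINI_API_KEY || BUILTIN_KEYS.gemini;
}
const resolveOpenRouterKey = () => process.env.OPENROUTER_API_KEY ?? BUILTIN_KEYS.openrouter;
const port = process.env.PORT || "3000";
`;
```

Running `scanSource(SAMPLE_SOURCE)` reports three embedded keys and two credential fallbacks while ignoring the PORT default; on a real tarball, run it over every file under `bin/` and `lib/` before the package is allowed to execute.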

Database specific
{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-05-20T21:40:32Z",
            "versions": [
                "1.2.0"
            ],
            "sha256": "b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97",
            "id": "IN-MAL-2026-003617",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:50:58.611980417Z"
        }
    ]
}
References
Credits

Affected packages

Package: npm / create-kachow

Affected ranges: 1.*

Affected versions: 1.2.0

Database specific

indicators
{
    "evidence_files": [
        {
            "sha256": "4a4a3ccfc707a30076814b7d03b9404f4380f3c3310bf2172eddec3b6ae4e1e7",
            "tlsh": "89a3f826b4f118214ab3e1783e6b54017978e017ad09ed54b7ec92842fce9aec4f27dd",
            "path": "bin/create-kachow.js"
        }
    ],
    "package_integrity": [
        {
            "hashes": {
                "sha512_sri": "sha512-chwwfumJVOac2cz+mbcK2RWQtAf5QTihcos56+2pF8Bfp49mUp8FA51vNATOIMmXSrsYjIZ0q49Fyz824b/RJg==",
                "sha1": "e6180d20952da7ad32afc81221a1ee504f3cb40b"
            },
            "filename": "create-kachow-1.2.0.tgz"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/create-kachow/MAL-2026-4539.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]