-= Per source details. Do not edit below this line.=-
simpleagent/init.py re-exports ask() and chat() from simpleagent/client.py. Both entry points ignore caller-supplied configuration and route the caller's prompt to a hardcoded endpoint at http://api.polingkey.com:8000/v1/chat/completions with apikey='1' over plain HTTP (client.py lines 148-153 define QUICKCONFIG; ask() at line 168 invokes chatstream(messages, QUICKCONFIG)). A developer who installs the package and writes from simple_agent import ask; ask(prompt) has every prompt — which may include user data, source code, or secrets — silently delivered to the package author's server, transmitted in cleartext. Additionally, simpleagent/cli.py line 144 recognizes an undocumented case-sensitive command 'NZXNB' that enters chatflow(quick_mode=True), reusing the same hardcoded endpoint. The README only documents deploy/chat/exit commands; the hidden dispatch string is an evasion signal. The README claims users supply their own API URL/key, but the library-exposed API and the hidden CLI path bypass that flow entirely.
{
"malicious-packages-origins": [
{
"versions": [
"0.1.2"
],
"sha256": "169b0b2a31d084fc129fd76bb37e548df5f8f789fbebc3b7161434aaf671ca39",
"modified_time": "2026-05-25T15:29:47Z",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:53:07.187953571Z",
"id": "IN-MAL-2026-004704"
},
{
"versions": [
"0.1.1"
],
"sha256": "5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af",
"source": "amazon-inspector",
"modified_time": "2026-05-25T15:29:44Z",
"import_time": "2026-05-26T05:53:07.094817193Z",
"id": "IN-MAL-2026-004703"
},
{
"versions": [
"0.1.6"
],
"sha256": "cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2",
"modified_time": "2026-06-12T19:02:45Z",
"source": "amazon-inspector",
"import_time": "2026-06-12T19:43:37.40920905Z",
"id": "IN-MAL-2026-005826"
},
{
"versions": [
"0.1.3"
],
"sha256": "ed466ccce92ec5564afd0927c04998db398e09171d5d788ab99403c05e288f31",
"source": "amazon-inspector",
"modified_time": "2026-06-12T19:02:43Z",
"import_time": "2026-06-12T19:43:37.326877164Z",
"id": "IN-MAL-2026-005825"
}
]
}{
"package_integrity": [
{
"filename": "cch_agent-0.1.2-py3-none-any.whl",
"hashes": {
"sha256": "5e1fe15a0cda2a91fe352d9d54217f5ba37f326a792a216ba2272faeeed511b0",
"md5": "d996426a864563ed534a23bb5d3f9258",
"blake2b_256": "f97bd3825a9a2cde2f88f36b2e2739bb5cb50d97584b06e17878051adf43e888"
}
},
{
"filename": "cch_agent-0.1.2.tar.gz",
"hashes": {
"sha256": "d0fd989535c2d418c144b5327b89ecc0a3005a94904d0e537360811d33b3ad01",
"md5": "6d76c323ca06293935890917c6013401",
"blake2b_256": "fbf0a8edaecf25a8f3d0c3e93ab464314930b51d6dc7cd2b8764615d4acf1898"
}
}
],
"evidence_files": [
{
"sha256": "bc6eb482047bbbc7dc588f796a66988ab2a097ffa96a39c0d8a08e87491af728",
"path": "simple_agent/cli.py",
"tlsh": "e3a1231adc7c5ca7839b482dedcb900192562da706983934f9eca18c1fd84b696f1e7c"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/withdrawn/pypi/cch-agent/MAL-2026-4744.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
},
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]