MAL-2026-4768

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sklern/MAL-2026-4768.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4768
Published
2026-05-22T07:56:04Z
Modified
2026-05-26T06:03:13.840146701Z
Summary
Malicious code in sklern (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10)

Package name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API (linearregression, logisticregression, decisiontree, perceptron, mlp, etc.) mimics sklearn's surface but the functions do not implement ML — they print code strings. On import sklern, src/sklern/__init__.py loads src/sklern/ai_helper.py, which at module top level instantiates a Groq client with a hardcoded API key (Groq(api_key="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")). The exported get1(prompt) function — re-exported in __all__ — sends the caller's prompt to api.groq.com using that hardcoded key, with no mechanism for the caller to override the destination or credential. PKG-INFO description is the placeholder 'Example PyPI package' and README references 'sample_package'. A developer who mistypes 'sklearn' as 'sklern' installs a package that (a) does not provide the ML functionality its API names suggest, (b) ships a live third-party credential that any installer can extract and abuse against api.groq.com, and (c) silently relays caller-supplied prompt data through the author's Groq account where it may be logged. The combination of name-confusion attack + credential distribution + silent-relay of caller data is the typosquat-with-payload pattern.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-26T05:52:03.836992087Z",
            "versions": [
                "0.0.8"
            ],
            "modified_time": "2026-05-22T07:56:04Z",
            "sha256": "1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10",
            "id": "IN-MAL-2026-004166",
            "source": "amazon-inspector"
        },
        {
            "import_time": "2026-05-26T05:52:03.985577276Z",
            "versions": [
                "0.0.7"
            ],
            "modified_time": "2026-05-22T07:56:13Z",
            "sha256": "b92ed7e6820e49af81e0cfc8873e8c9875f9a4e1bdb8c97db4c70c0962fc74d0",
            "id": "IN-MAL-2026-004167",
            "source": "amazon-inspector"
        },
        {
            "import_time": "2026-05-26T05:53:13.821381393Z",
            "versions": [
                "0.0.10"
            ],
            "modified_time": "2026-05-25T19:00:59Z",
            "id": "IN-MAL-2026-004760",
            "sha256": "c69087b215e403f9377c077a40672735f28a9ad3263ae3937be85f88c7293ca2",
            "source": "amazon-inspector"
        },
        {
            "import_time": "2026-05-26T05:52:04.112650843Z",
            "versions": [
                "0.0.6"
            ],
            "modified_time": "2026-05-22T07:56:18Z",
            "sha256": "c833fe81e9829c9ef98f27c825af436fe8bd0df2338d8bc48c4fb683479f6f7b",
            "id": "IN-MAL-2026-004168",
            "source": "amazon-inspector"
        },
        {
            "import_time": "2026-05-26T05:53:13.715916795Z",
            "versions": [
                "0.0.11"
            ],
            "modified_time": "2026-05-25T19:00:54Z",
            "sha256": "ee98b309bf1049c64bacb2e0102b63332363b65ba0f866d54e414e57ed4a285a",
            "id": "IN-MAL-2026-004759",
            "source": "amazon-inspector"
        },
        {
            "import_time": "2026-05-26T05:53:13.939460528Z",
            "versions": [
                "0.0.9"
            ],
            "modified_time": "2026-05-25T19:01:03Z",
            "sha256": "b5c9a1e82eeefa132146962cd0000f7b4f4865551d56e7839b15410160f2f36c",
            "id": "IN-MAL-2026-004761",
            "source": "amazon-inspector"
        }
    ]
}

Affected packages

PyPI / sklern

Affected versions

0.*
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.11

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "sklern-0.0.8-py3-none-any.whl",
            "hashes": {
                "blake2b_256": "da8fa0c1ac7471a83517992509b0761ff792dc663635a96823857aa3df3aaee6",
                "sha256": "51117181afbff8f70e60b70daa3a62b26a5b02faa8e0c9f8e33799248d6eaa3e",
                "md5": "65f8ca8a9b52b42c8e69a9183c07799a"
            }
        },
        {
            "filename": "sklern-0.0.8.tar.gz",
            "hashes": {
                "blake2b_256": "cafbb44e0e3dc8134a59594571a9b4aba897e48afcbe73b409c926270a5bc837",
                "sha256": "9d9522429ea3b208ad69ada9de0d356f2f8604e827c405522a3be185ffe67c4a",
                "md5": "bc4c47d9600e4ab6585e1100d24e19d8"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "src/sklern/ai_helper.py",
            "sha256": "0c03c1dff96bc79dedee61be3bfaa543c7f32f5283c7df2eb7198230f861d28a",
            "tlsh": "82111525ed248c5a03e6c0a9aa815041707dac2b67e578a8f23c415c6fc563b15b95fb"
        },
        {
            "path": "pyproject.toml",
            "sha256": "afa90cd4c22b3e3087762eea12d973e3dd52ed273f18d2bd3188797be717934f",
            "tlsh": "01e0f827cebb7810aa813000682089818db6b8523ac8888472c7c2882a6d882dac8820"
        }
    ]
}
cwes
[
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sklern/MAL-2026-4768.json"