-= Per source details. Do not edit below this line.=-
This package's metadata and README openly declare it as a dependency-confusion proof-of-concept that registers a PyPI name referenced in Apple's ml-health-query-profiles tutorial. The current payload is inert: init.py only sets version and main.py prints a notice — no network calls, no subprocess execution, no file or credential access at install or import time. However, anyone following the upstream tutorial that references this package name would silently pull this PoC into their environment. Although the present version is benign, the registered name occupies a namespace slot that a third party referenced, and any future version published under this name would automatically reach those installers. Routing to human review so an adjudicator can decide whether the PoC nature warrants a public advisory and whether the upstream tutorial reference needs coordination.
Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose.
Category: PROBABLY_PENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
Campaign: GENERIC-standard-pypi-install-pentest
Reasons (based on the campaign):
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
The package overrides the install command in setup.py to execute malicious code during installation.
The OpenSSF Package Analysis project identified 'query-profile' @ 0.0.3 (pypi) as malicious.
It is considered malicious because:
{
"malicious-packages-origins": [
{
"modified_time": "2026-06-20T08:58:27.447063Z",
"versions": [
"0.0.1",
"0.0.2",
"0.0.3"
],
"sha256": "9a60c7fce9ec29fa327128c80bca74a51b9f1965c50c6dc9286016fa31001bf1",
"id": "pypi/GENERIC-standard-pypi-install-pentest/query-profile",
"source": "kam193",
"import_time": "2026-06-20T09:41:12.89494755Z"
},
{
"modified_time": "2026-06-20T09:00:58Z",
"versions": [
"0.0.3"
],
"sha256": "668684938d648f2835b9065f86e06d3815d9c81999a32e50b6ffe61942bd7015",
"import_time": "2026-06-20T09:41:09.49557541Z",
"source": "ossf-package-analysis"
},
{
"modified_time": "2026-06-20T08:55:46Z",
"versions": [
"0.0.2"
],
"sha256": "b09610327ce9bc65f6ccb9e068cb5b710272846418445fcb3cfa6579a5d633da",
"import_time": "2026-06-20T09:41:09.378992505Z",
"source": "ossf-package-analysis"
},
{
"modified_time": "2026-07-08T16:34:55Z",
"versions": [
"0.0.1"
],
"sha256": "7e5505d198ffea0cc608cbcd89e3d8fbe236f4d4ac532425b0e042c52bf87efe",
"import_time": "2026-07-08T17:01:34.84125903Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-008154"
}
]
}{
"evidence_files": [
{
"tlsh": "a7f09e73578b6a658c61bb60a96857c7ec7ab02e31101964b2d7c0c8985e4cac3e147b",
"sha256": "d1b271c71b4141d2577c7465405bc249469ed55375cef17336a2918bb139fce4",
"path": "pyproject.toml"
}
],
"package_integrity": [
{
"hashes": {
"md5": "f336ddb264266abf09df92eec57543f3",
"sha256": "10544c1fc884d3196be616a8299482a90360d2baa552a9a7325ef447deb8a86a",
"blake2b_256": "6c07c2e44cf77743ce0470be124a619d27cfa08877f4cbf241bf65e1a411ce90"
},
"filename": "query_profile-0.0.1-py3-none-any.whl"
},
{
"hashes": {
"md5": "40ac99644160158e35253276674b08b2",
"sha256": "4155304e57e706ebce3761edf51837b6a4cd07183643c4ce137b8a7441fa4392",
"blake2b_256": "740aa3fe2199be19c0a739f67c0047c2417ff66c94ff0609855920f1d8ef6cb5"
},
"filename": "query_profile-0.0.1.tar.gz"
}
]
}
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/query-profile/MAL-2026-6236.json"