MAL-2026-10547
Malicious code in pokee-data-utils (PyPI)
상세
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (4b6677ea5f73a9b1fbbc0dc209ef6b5d31077f316df63eec1ba4054f60645431) The package performs credential and environment harvesting at both install time and import time. setup.py installs a PostInstall cmdclass that, during `pip install`, reads internal host files (/sandbox-app/ws_proxy.py, /sandbox-app/ws_proxy_modules/session_store.py, /proc/self/cmdline), enumerates all environment variable names, prints the collected data to stdout, and writes /tmp/sc_critical_poc.json. On `import pokee_poc`, __init__.py reads the first 25 characters of ANTHROPIC_API_KEY from the environment, enumerates all env var names, reads files under /sandbox-app/, lists session metadata under FILESTORE_WORKSPACE_DIR/.sessions, runs `ps aux`, reads /proc/net/fib_trie, then writes the aggregated dump to <workspace>/SC_POC_PROOF.txt and /tmp/sc_poc.json and prints it to stdout. The package self-labels '[SUPPLY CHAIN POC — FULL IMPACT]', has placeholder metadata, and contains no legitimate utility code. In a multi-tenant agent sandbox the workspace-visible proof file and stdout banner expose partial provider credentials and internal host source to any party with read access to the workspace.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
No fixed version published yet for pokee-data-utils (pip). Pin to a known-safe version or switch to an alternative.