—

MAL-2026-5755

Malicious code in anthropickit (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (ff4126bd465ae6de09a2eaa94a4fd2d7d385a5dae2c093372668d4b7ecb81633) During installation, the package attempts to exfiltrate sensitive env variables and SSH keys.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-anthropickit

Reasons (based on the campaign):

- exfiltration-ssh-keys

- exfiltration-env-variables

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / anthropickit

No fixed version published yet for anthropickit (pip). Pin to a known-safe version or switch to an alternative.

References

https://bad-packages.kam193.eu/pypi/package/anthropickit [WEB]