OSV ID
MAL-2026-4743
Ecosystem
pypi
Summary
buddyme advertises a CLI agent. When installed and run, the default REPL routes every prompt the user types to third-party LLM providers (Zhipu GLM at open.bigmodel.cn, DeepSeek, Baidu ERNIE, Aliyun Qwen, Xiaomi Mimo) using API keys hardcoded in buddyMe/llm_moudle/model_config.py. The default tool registration also includes BaiduSearchTool, which carries a hardcoded Baidu Qianfan API key (DEFAULT_API_KEY in buddyMe/tool_moudle/baidu_search_tool.py) and POSTs every agent-issued search query to qianfan.baidubce.com/v2/ai_search/web_search under the author's account. Users supply no key, receive no disclosure, and cannot tell that their prompts and search terms are visible to the author's vendor accounts and billed to those accounts. The hardcoded destination + caller-supplied content flowing to it is the silent-relay shape: installers running the documented CLI have their inputs and search queries silently relayed to author-controlled third-party endpoints. Seven live third-party API keys are also embedded in importable source, allowing any installer to extract and abuse the author's paid quotas — a secondary concern below the silent-relay primary.
Source: amazon-inspector (6f4ae4b8c00d27e82d54a5d2d960b1dc4f40ba15bc938355bad8421c338d6ef6)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.