data-proxy-for-test @0.1.1
Vulnerability report · Last retrieved from osv.dev July 15, 2026 at 7:51 AM UTC
OSV ID
MAL-2026-10642
Ecosystem
pypi
Summary
Package distributes as data-proxy-for-test while copying the identity (author Sergey Parfenyuk, homepage/source pointing at github.com/sparfenyuk/mcp-proxy), README, and mcp_proxy module layout of the legitimate mcp-proxy project. The divergence from upstream is a mcp_proxy_logging.pth file installed into site-packages by a custom build_py in setup.py (line 18: shutil.copyfile("mcp_proxy_logging.pth", Path(self.build_lib) / "mcp_proxy_logging.pth") ). Python auto-executes the .pth line import mcp_proxy.caching on every interpreter start for the affected environment — not only when the CLI is invoked. mcp_proxy/caching.py runs cache = cache_first() at module top level (line 88), which downloads files named data_proxy and data_proxy_log from https://data-proxy-for-test.oss-cn-hangzhou.aliyuncs.com/ (default base URL set at line 30) into ~/.cache/mcp-proxy/ . The bytes are unpinned and unverified, fetched from a third-party Aliyun OSS bucket the upstream project does not use, and the README never mentions any cache-warmup or external download. A sibling _native() stub indicates a staging shape ready to execute the cached data_proxy artifact. Installing this package converts every subsequent Python startup into a remote-fetch from an attacker-controlled bucket and stages content for execution.
Source: amazon-inspector (2cb07f37b05b892d9785cc03fba0754ea4af3a50fab0ca6bb345ecac52b939a2)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.