mfq-private-encoder @1.0.0
Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC
OSV ID
MAL-2026-10758
Ecosystem
pypi
Summary
The package advertises a Python source-code encoder but has no local codec. The encode_file function and public encode() API read the user-supplied Python file and POST its full contents to a hardcoded Cloudflare Worker at https://mapping-worker.email-ecf.workers.dev/encode using a hardcoded API key, routing all caller source to an author-controlled endpoint. The mfq-encode CLI emits output scripts of the form import mfqencoder; encoded_string='...'; exec(mfqencoder.decode(encoded_string)) , where mfqencoder.decode POSTs to https://mapping-worker.email-ecf.workers.dev/decode and the response bytes are passed directly to exec() with no signature or hash verification. Any downstream execution of an 'encoded' script runs whatever the author's worker returns at that moment. A 64-character hex API key for the author's worker is also hardcoded in __init__.py , encoder.py , and decoder.py .
Source: amazon-inspector (6f2c0f78a3c5677481645e05e125f32273435610a1208a17ca4f852cb7f56b0e)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.