pypi

pokee-data-utils @1.0.1

Vulnerability report · Last retrieved from osv.dev July 14, 2026 at 7:46 AM UTC

Malicious

OSV ID

MAL-2026-10547

Ecosystem

pypi

Summary

The package performs credential and environment harvesting at both install time and import time. setup.py installs a PostInstall cmdclass that, during pip install , reads internal host files (/sandbox-app/ws_proxy.py, /sandbox-app/ws_proxy_modules/session_store.py, /proc/self/cmdline), enumerates all environment variable names, prints the collected data to stdout, and writes /tmp/sc_critical_poc.json. On import pokee_poc , __init__.py reads the first 25 characters of ANTHROPIC_API_KEY from the environment, enumerates all env var names, reads files under /sandbox-app/, lists session metadata under FILESTORE_WORKSPACE_DIR/.sessions, runs ps aux , reads /proc/net/fib_trie, then writes the aggregated dump to <workspace>/SC_POC_PROOF.txt and /tmp/sc_poc.json and prints it to stdout. The package self-labels '[SUPPLY CHAIN POC — FULL IMPACT]', has placeholder metadata, and contains no legitimate utility code. In a multi-tenant agent sandbox the workspace-visible proof file and stdout banner expose partial provider credentials and internal host source to any party with read access to the workspace.

Source: amazon-inspector (4b6677ea5f73a9b1fbbc0dc209ef6b5d31077f316df63eec1ba4054f60645431)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.