pypi

proxy-check-i @0.1.1

Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC

Malicious

OSV ID

MAL-2026-10100

Ecosystem

pypi

Summary

The package advertises itself as a wrapper for a 'qsshd executable' but the bundled Go binary is a reverse-SSH daemon that grants a remote operator persistent shell, exec, pty, and TCP port-forwarding on the installer's host. The entry point proxy-check-i (declared in the package's console_scripts, mapped to qsshd.launcher:main ) uses os.execv to launch the bundled Go binary. The daemon establishes device identity by writing a .device_lock file under $XDG_CONFIG_HOME , /dev/shm , or /tmp , then repeatedly dials out to a relay via github.com/mydearniko/overthing ( tunnel.NewServer with RelayURI and ForwardAddr pointing at the local SSH listener). SSH authentication only accepts a single hardcoded ed25519 public key embedded at build time via //go:embed authorized_keys , so only the key holder can connect. The reverse-connect design bypasses inbound firewalls. PyPI metadata is a cover story: PKG-INFO summary mentions only 'qsshd executable' with no README and no disclosure of SSH-server, authorized-keys, or outbound-relay behavior, so an installer cannot infer they are enabling a remote-shell daemon. Any host that runs proxy-check-i is remotely controllable by the key holder.

Source: amazon-inspector (2da390c130eb840eb129a5d43faf0a64a0f0f602070243613aa0e2f8ea8f6d04)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.