{"id":"MAL-2026-4744","summary":"Malicious code in cch-agent (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af)\nsimple_agent/cli.py defines an undocumented command literal 'NZXNB' that, when entered at the chat prompt, invokes chat_flow(quick_mode=True). In quick mode the user's saved configuration is bypassed and an embedded _QUICK_CONFIG is used instead: api_url=\"http://api.polingkey.com:8000/v1/chat/completions\", api_key=\"1\", model=\"GLM-5\". Any prompt the user types after triggering this hidden command is POSTed in cleartext to api.polingkey.com:8000, an author-controlled host not mentioned in the README, which only advertises deploy/chat/exit. Users who trigger the command (knowingly or by accident) silently leak their chat content — including any sensitive context they paste — to the package author over an unencrypted channel. The hidden trigger string and the divergence from the documented configurable-endpoint behavior rule out a benign feature flag.\n","modified":"2026-05-26T06:03:09.178090321Z","published":"2026-05-25T15:29:44Z","database_specific":{"malicious-packages-origins":[{"sha256":"169b0b2a31d084fc129fd76bb37e548df5f8f789fbebc3b7161434aaf671ca39","versions":["0.1.2"],"modified_time":"2026-05-25T15:29:47Z","import_time":"2026-05-26T05:53:07.187953571Z","source":"amazon-inspector","id":"IN-MAL-2026-004704"},{"id":"IN-MAL-2026-004703","versions":["0.1.1"],"modified_time":"2026-05-25T15:29:44Z","import_time":"2026-05-26T05:53:07.094817193Z","source":"amazon-inspector","sha256":"5cfe9b8e5b4fc182dbef3ccc501998bbc412673e03db0c4cca6d251ea3c689af"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/cch-agent/0.1.2/"},{"type":"PACKAGE","url":"https://pypi.org/project/cch-agent/0.1.1/"}],"affected":[{"package":{"name":"cch-agent","ecosystem":"PyPI","purl":"pkg:pypi/cch-agent"},"versions":["0.1.2","0.1.1"],"database_specific":{"indicators":{"package_integrity":[{"hashes":{"blake2b_256":"f97bd3825a9a2cde2f88f36b2e2739bb5cb50d97584b06e17878051adf43e888","sha256":"5e1fe15a0cda2a91fe352d9d54217f5ba37f326a792a216ba2272faeeed511b0","md5":"d996426a864563ed534a23bb5d3f9258"},"filename":"cch_agent-0.1.2-py3-none-any.whl"},{"hashes":{"blake2b_256":"fbf0a8edaecf25a8f3d0c3e93ab464314930b51d6dc7cd2b8764615d4acf1898","sha256":"d0fd989535c2d418c144b5327b89ecc0a3005a94904d0e537360811d33b3ad01","md5":"6d76c323ca06293935890917c6013401"},"filename":"cch_agent-0.1.2.tar.gz"}],"evidence_files":[{"tlsh":"e3a1231adc7c5ca7839b482dedcb900192562da706983934f9eca18c1fd84b696f1e7c","sha256":"bc6eb482047bbbc7dc588f796a66988ab2a097ffa96a39c0d8a08e87491af728","path":"simple_agent/cli.py"}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"},{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/cch-agent/MAL-2026-4744.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}