{"id":"MAL-2026-4768","summary":"Malicious code in sklern (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10)\nPackage name 'sklern' is a one-character deletion from the top-tier ML package 'sklearn', and its public API (linear_regression, logistic_regression, decision_tree, perceptron, mlp, etc.) mimics sklearn's surface but the functions do not implement ML — they print code strings. On `import sklern`, src/sklern/__init__.py loads src/sklern/ai_helper.py, which at module top level instantiates a Groq client with a hardcoded API key (`Groq(api_key=\"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\")`). The exported `get1(prompt)` function — re-exported in `__all__` — sends the caller's prompt to api.groq.com using that hardcoded key, with no mechanism for the caller to override the destination or credential. PKG-INFO description is the placeholder 'Example PyPI package' and README references 'sample_package'. A developer who mistypes 'sklearn' as 'sklern' installs a package that (a) does not provide the ML functionality its API names suggest, (b) ships a live third-party credential that any installer can extract and abuse against api.groq.com, and (c) silently relays caller-supplied prompt data through the author's Groq account where it may be logged. The combination of name-confusion attack + credential distribution + silent-relay of caller data is the typosquat-with-payload pattern.\n","modified":"2026-05-26T06:03:13.840146701Z","published":"2026-05-22T07:56:04Z","database_specific":{"malicious-packages-origins":[{"sha256":"1495d93dccc77a422f70d192ef4d8dcd53b0c990fff43e68bc2a0eca301e5d10","versions":["0.0.8"],"import_time":"2026-05-26T05:52:03.836992087Z","modified_time":"2026-05-22T07:56:04Z","id":"IN-MAL-2026-004166","source":"amazon-inspector"},{"sha256":"b92ed7e6820e49af81e0cfc8873e8c9875f9a4e1bdb8c97db4c70c0962fc74d0","versions":["0.0.7"],"import_time":"2026-05-26T05:52:03.985577276Z","modified_time":"2026-05-22T07:56:13Z","id":"IN-MAL-2026-004167","source":"amazon-inspector"},{"sha256":"c69087b215e403f9377c077a40672735f28a9ad3263ae3937be85f88c7293ca2","versions":["0.0.10"],"import_time":"2026-05-26T05:53:13.821381393Z","modified_time":"2026-05-25T19:00:59Z","id":"IN-MAL-2026-004760","source":"amazon-inspector"},{"sha256":"c833fe81e9829c9ef98f27c825af436fe8bd0df2338d8bc48c4fb683479f6f7b","import_time":"2026-05-26T05:52:04.112650843Z","versions":["0.0.6"],"modified_time":"2026-05-22T07:56:18Z","id":"IN-MAL-2026-004168","source":"amazon-inspector"},{"sha256":"ee98b309bf1049c64bacb2e0102b63332363b65ba0f866d54e414e57ed4a285a","import_time":"2026-05-26T05:53:13.715916795Z","versions":["0.0.11"],"modified_time":"2026-05-25T19:00:54Z","id":"IN-MAL-2026-004759","source":"amazon-inspector"},{"sha256":"b5c9a1e82eeefa132146962cd0000f7b4f4865551d56e7839b15410160f2f36c","import_time":"2026-05-26T05:53:13.939460528Z","versions":["0.0.9"],"modified_time":"2026-05-25T19:01:03Z","id":"IN-MAL-2026-004761","source":"amazon-inspector"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/sklern/0.0.8/"},{"type":"PACKAGE","url":"https://pypi.org/project/sklern/0.0.7/"},{"type":"PACKAGE","url":"https://pypi.org/project/sklern/0.0.10/"},{"type":"PACKAGE","url":"https://pypi.org/project/sklern/0.0.6/"},{"type":"PACKAGE","url":"https://pypi.org/project/sklern/0.0.11/"},{"type":"PACKAGE","url":"https://pypi.org/project/sklern/0.0.9/"}],"affected":[{"package":{"name":"sklern","ecosystem":"PyPI","purl":"pkg:pypi/sklern"},"versions":["0.0.8","0.0.7","0.0.10","0.0.6","0.0.11","0.0.9"],"database_specific":{"indicators":{"evidence_files":[{"path":"src/sklern/ai_helper.py","sha256":"0c03c1dff96bc79dedee61be3bfaa543c7f32f5283c7df2eb7198230f861d28a","tlsh":"82111525ed248c5a03e6c0a9aa815041707dac2b67e578a8f23c415c6fc563b15b95fb"},{"path":"pyproject.toml","sha256":"afa90cd4c22b3e3087762eea12d973e3dd52ed273f18d2bd3188797be717934f","tlsh":"01e0f827cebb7810aa813000682089818db6b8523ac8888472c7c2882a6d882dac8820"}],"package_integrity":[{"filename":"sklern-0.0.8-py3-none-any.whl","hashes":{"sha256":"51117181afbff8f70e60b70daa3a62b26a5b02faa8e0c9f8e33799248d6eaa3e","md5":"65f8ca8a9b52b42c8e69a9183c07799a","blake2b_256":"da8fa0c1ac7471a83517992509b0761ff792dc663635a96823857aa3df3aaee6"}},{"filename":"sklern-0.0.8.tar.gz","hashes":{"sha256":"9d9522429ea3b208ad69ada9de0d356f2f8604e827c405522a3be185ffe67c4a","md5":"bc4c47d9600e4ab6585e1100d24e19d8","blake2b_256":"cafbb44e0e3dc8134a59594571a9b4aba897e48afcbe73b409c926270a5bc837"}}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/sklern/MAL-2026-4768.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"}]}