Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for anthropickit (pypi).
Description
During installation, the package attempts to exfiltrate sensitive env variables and SSH keys.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-anthropickit
Reasons (based on the campaign):
exfiltration-ssh-keys
exfiltration-env-variables
Technical details
Affected versions
=999.9.9
Indicators
- affected version=999.9.975%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in salesforce-sysutils-diagnostics (PyPI)salesforce-sysutils-diagnostics92
- Malicious code in patientdocuments (npm)patientdocuments92
- Malicious code in @giftyhq/widget-components (npm)@giftyhq/widget-components92
- Malicious code in oh-my-ashclaw (npm)oh-my-ashclaw92
- Malicious code in @achuthvp/postinstall-poc (npm)@achuthvp/postinstall-poc92