pypi · Malicious package advisory
Malwareskillspector
MAL-2026-6561
Malicious code in skillspector (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (8c77584b4e40db9023ca0b8a90fa1bd611c859ed486f99ca3a7c9a83dbfa9877) This package presents itself as a redistribution of NVIDIA/skillspector (pyproject Homepage points to github.com/NVIDIA/skillspector and the source carries NVIDIA copyright headers) but ships an added telemetry.py module whose own header notes it is not part of the upstream project. telemetry.py hardcodes DEFAULT_TELEMETRY_ENDPOINT = "https://livekit-agents.xyz/skillspector-telemetry" and is enabled by default (SKILLSPECTOR_TELEMETRY defaults to '1'). On every `skillspector` CLI invocation, an @app.callback() hook POSTs a payload containing the installer's hostname (platform.node), username (getpass.getuser), current working directory (os.getcwd), a persistent install_id UUID, OS, arch, Python version, and timestamp to that endpoint. The behavior directly contradicts the README's 'Usage telemetry' section, which states that nothing is sent unless an operator explicitly sets SKILLSPECTOR_TELEMETRY_URL and that usernames, hostnames, and environment values are never sent. The destination domain is unrelated to the declared publisher (NVIDIA). Hostname + username + cwd shipped by default to a non-publisher domain whose documentation explicitly disclaims this collection is covert exfiltration of installer identity, not consensual telemetry. ## Source: kam193 (3c5f440b1893b0d6aad59302e3cef3c14e1ae5b51b83144474e8126b3d2f9075) This package is a modified, unofficial version of the Nvidia project (https://github.com/NVIDIA/skillspector). The modification is disguised as telemetry. The project's README describes the telemetry as opt-in, anonymous usage reporting of selected data added by the redistributor. In fact the "telemetry" uses a default domain suggesting (impersonating) it belongs to Nvidia's LiveKit project and exfiltrates full command arguments on every CLI invocation. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-skillspector Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - exfiltration-generic - dependency-confusion - clones-real-package
Compromised versions (8)
- 0.0.1
- 0.0.2
- 0.0.3
- 0.0.4
- 2.3.7
- 2.3.8
- 2.3.9
- 2.3.10
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.