Mal-ecule
O₅(CErSCaP)H₄(Cm₅Db₄FPo₂)Md₂(BkPt)
suspicious severity cross-file finding.
urllib3 InsecureRequestWarning suppression
suspicious severity cross-file finding.
Windsurf MCP configuration injection
notable severity cross-file finding.
Username and password packed together in a dict literal
notable severity cross-file finding.
Has code execution capability
Objectives
suspicious severity, 94% confident.
command-and-control/backdoor/tasking
Kotlin activate token
suspicious severity, 85% confident.
evasion/security-bypass
urllib3 InsecureRequestWarning suppression
suspicious severity, 90% confident.
supply-chain/trojanized/app
Windsurf MCP configuration injection
notable severity, 90% confident.
credential-access/env/secrets
Accesses sensitive environment variable via os.environ
notable severity, 88% confident.
persistence/login
runpy run_module execution
baseline severity, 100% confident.
anti-analysis/sandbox-detect
VirtualBox driver file existence check
Micro-behaviors
notable severity, 90% confident.
communications/http
HTTP request targets loopback address (local IPC)
notable severity, 80% confident.
communications/http/lib
requests.Session() persistent HTTP session
notable severity, 90% confident.
communications/http/services
EC2 EBS volume creation
notable severity, 90% confident.
communications/ipc
FastMCP tool decorator
notable severity, 90% confident.
data/serialize
Python json.loads call
notable severity, 100% confident.
data/text/keywords
Contains the string "urllib3"
notable severity, 84% confident.
data/text/llm
AI agent target phrase
notable severity, 80% confident.
fs/path
Hardcoded absolute home directory path
notable severity, 80% confident.
process/create
Python process execution capabilities
baseline severity, 100% confident.
communications/http/server
Common web server binaries
Metadata
notable severity, 80% confident.
build
DOCKER_ environment prefix
notable severity, 95% confident.
lang
Source imports requests library
baseline severity, 100% confident.
file
Python file extension
anti-analysis
notable severity, 90% confident.
archive
Archive entry has excessively long name (275 bytes)
20 of 72 traits shown
Identity
| SHA-256 | f1c514b24c547e664c18b4565fe38ae53c4e178a3bafe899cf714c722da07a95 |
|---|---|
| Canonical SHA-256 | 0000c992987a182cc923aef99fde46a1ca43e601f3c5a7fbb3b3ebbfbb1ce624 |
| Filename | portainer_agent-0.26.0-py3-none-any.whl |
| Package | portainer-agent |
| Version | 0.26.0 |
Origin
| Source | forager |
|---|---|
| Feed | pypi.org |
| Ecosystem | python |
| Domain | pythonhosted.org |
| URL | https://files.pythonhosted.org/packages/45/c1/3f81b7763333258131d72f5c284cd22f04ddde4cd1b9ab947f420ad3276d/portainer_agent-0.26.0-py3-none-any.whl |
Timeline
| First seen | 4 Jun 2026 10:26 UTC |
|---|---|
| First analyzed | 14 Jun 2026 09:11 UTC |
| Last analyzed | 14 Jun 2026 09:11 UTC |
| Last updated | 14 Jun 2026 09:11 UTC |
Labeling
| Label | unknown |
|---|---|
| Label source | forager |
| Traits version | c7b65 |