2 matches found
Malicious code in create-kachow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b65b2deeeafefb22b81e6a863b51115953b108991e5462d939dce3d6b8ee4a97 bin/create-kachow.js declares a BUILTINKEYS object containing live API keys for four third-party AI providers Gemini key starting...
MAL-2026-4751 Malicious code in glass-of-water (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79336313f71fac8158ff6f3e0160d0e99a8d1d84c452505fd3739af5838a69 glassofwater/init.py embeds 10 Google Gemini API keys AIzaSy... split across 5-part dictionaries and reassembled at runtime by getapikey L6-19. The...