MAL-2026-6561: Malicious code in skillspector (PyPI)
The PyPI package 'skillspector' is a modified, unofficial version of an Nvidia project that contains malicious code disguised as telemetry. This telemetry exfiltrates full command-line arguments on every CLI invocation to a domain suggesting Nvidia's LiveKit project, which is not legitimate. The package collects basic system data such as IP address and username, posing a limited risk of data exposure. Multiple specific versions of the package are affected.
AI Analysis
Technical Summary
The 'skillspector' package on PyPI is a malicious clone of an Nvidia project, altered to include telemetry code that exfiltrates full command arguments and basic system information like IP and username. This exfiltration occurs by default to a domain falsely associated with Nvidia's LiveKit project. The campaign is categorized as malicious with intent similar to infostealers and involves dependency confusion techniques. The affected versions include 0.0.1 through 0.0.4 and 2.3.7 through 2.3.10. There is no CVSS score or known exploits in the wild reported.
Potential Impact
The malicious telemetry collects and exfiltrates command-line arguments and basic system data such as IP address and username, potentially exposing sensitive information. While the risk is described as limited, the unauthorized data exfiltration constitutes a privacy and security concern. There are no reports of active exploitation in the wild.
Mitigation Recommendations
No official patch or remediation is currently available. Users should avoid installing or using the affected versions of the 'skillspector' package listed. Verify package authenticity before installation and prefer official sources. Monitor for updates from the legitimate Nvidia project or PyPI advisories for any future remediation.
MAL-2026-6561: Malicious code in skillspector (PyPI)
Description
The PyPI package 'skillspector' is a modified, unofficial version of an Nvidia project that contains malicious code disguised as telemetry. This telemetry exfiltrates full command-line arguments on every CLI invocation to a domain suggesting Nvidia's LiveKit project, which is not legitimate. The package collects basic system data such as IP address and username, posing a limited risk of data exposure. Multiple specific versions of the package are affected.
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The 'skillspector' package on PyPI is a malicious clone of an Nvidia project, altered to include telemetry code that exfiltrates full command arguments and basic system information like IP and username. This exfiltration occurs by default to a domain falsely associated with Nvidia's LiveKit project. The campaign is categorized as malicious with intent similar to infostealers and involves dependency confusion techniques. The affected versions include 0.0.1 through 0.0.4 and 2.3.7 through 2.3.10. There is no CVSS score or known exploits in the wild reported.
Potential Impact
The malicious telemetry collects and exfiltrates command-line arguments and basic system data such as IP address and username, potentially exposing sensitive information. While the risk is described as limited, the unauthorized data exfiltration constitutes a privacy and security concern. There are no reports of active exploitation in the wild.
Mitigation Recommendations
No official patch or remediation is currently available. Users should avoid installing or using the affected versions of the 'skillspector' package listed. Verify package authenticity before installation and prefer official sources. Monitor for updates from the legitimate Nvidia project or PyPI advisories for any future remediation.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- MAL-2026-6561
- Osv Schema Version
- 1.7.4
- Aliases
- []
- Ecosystems
- ["PyPI"]
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a41be0a27e9c79719e1ea00
Added to database: 06/29/2026, 00:36:26 UTC
Last enriched: 06/29/2026, 00:51:16 UTC
Last updated: 06/29/2026, 01:26:21 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.