HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-12-14(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-12-aicloudforge

Code is heavily obfuscated with PyArmor. While it may be used for some kind of intellectual property protection, packages also have other risk marks: - Obfuscation is done with the trial PyArmor version - Although obfuscated, it's distributed under the MIT license - There is no identification of the author, all names are very generic - all URLs are invalid (repository, homepage)

Abuse categories

obfuscation

Code uses obfuscation techniques to hide its true purpose.

Packages in the campaign

campaign:2025-12-aicloudforge

• ai-mcp-framework
• ai-mcp-rbac
• gke-cache-builder
• gke-deployment-tools
• gke-iam-vm-tools
• gke-log-tools
• jwtbased-rbac