Offline single-file CLI to check for known indicators from the malicious litellm 1.82.7 / 1.82.8 PyPI releases.
curl -fsSLO https://raw.githubusercontent.com/Getmrahul/litellm-compromise-check/main/litellm_compromise_check.py
python3 litellm_compromise_check.pyScan a repo or lockfile directory:
python3 litellm_compromise_check.py /path/to/repoFail CI on bad version references:
python3 litellm_compromise_check.py --repo-only /path/to/repo --strict-exit- installed
litellm1.82.7/1.82.8package metadata litellm_init.pthin Python package directories- common local virtualenv locations like
.venv,venv,env,~/.virtualenvs, and Poetry virtualenvs - cached LiteLLM wheels and tarballs in pip cache
- repo manifests and lockfiles for bad LiteLLM references
- community-reported indicators like
checkmarx.zoneand paths under~/.config/sysmon
0: no critical machine indicators found1: critical indicator found, or any warning with--strict-exit2: invalid CLI usage
- This script is offline and has no third-party dependencies.
1.82.8andlitellm_init.pthare publicly documented indicators.1.82.7,checkmarx.zone, and~/.config/sysmonchecks are included as precautionary community-reported indicators.- Also check any Docker images and CI runners that may have installed LiteLLM.
- Main incident thread: LiteLLM issue #24512
Avoid curl | bash. Download the file first, then run it locally.