Skip to content

Getmrahul/litellm-compromise-check

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

LiteLLM Compromise Check

Offline single-file CLI to check for known indicators from the malicious litellm 1.82.7 / 1.82.8 PyPI releases.

Quick Run

curl -fsSLO https://raw.githubusercontent.com/Getmrahul/litellm-compromise-check/main/litellm_compromise_check.py
python3 litellm_compromise_check.py

Scan a repo or lockfile directory:

python3 litellm_compromise_check.py /path/to/repo

Fail CI on bad version references:

python3 litellm_compromise_check.py --repo-only /path/to/repo --strict-exit

What It Checks

  • installed litellm 1.82.7 / 1.82.8 package metadata
  • litellm_init.pth in Python package directories
  • common local virtualenv locations like .venv, venv, env, ~/.virtualenvs, and Poetry virtualenvs
  • cached LiteLLM wheels and tarballs in pip cache
  • repo manifests and lockfiles for bad LiteLLM references
  • community-reported indicators like checkmarx.zone and paths under ~/.config/sysmon

Exit Codes

  • 0: no critical machine indicators found
  • 1: critical indicator found, or any warning with --strict-exit
  • 2: invalid CLI usage

Notes

  • This script is offline and has no third-party dependencies.
  • 1.82.8 and litellm_init.pth are publicly documented indicators.
  • 1.82.7, checkmarx.zone, and ~/.config/sysmon checks are included as precautionary community-reported indicators.
  • Also check any Docker images and CI runners that may have installed LiteLLM.
  • Main incident thread: LiteLLM issue #24512

Avoid curl | bash. Download the file first, then run it locally.

About

Offline single-file CLI to detect known indicators from the malicious LiteLLM 1.82.7/1.82.8 PyPI releases.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages