Composer · packagist.org
forgeomni/superaicore
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged v1.0.8
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · ForgeOmni-SuperAICore-554b85a/src/Services/BrowserScreenshotStore.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · ForgeOmni-SuperAICore-554b85a/src/Services/BrowserScreenshotStore.php |
| medium | Remote Payload | matched "curl " · ForgeOmni-SuperAICore-554b85a/resources/lang/en/integrations.php |
| medium | Remote Payload | matched "curl " · ForgeOmni-SuperAICore-554b85a/resources/lang/fr/integrations.php |
| medium | Remote Payload | matched "curl " · ForgeOmni-SuperAICore-554b85a/resources/lang/zh-CN/integrations.php |
| medium | Remote Payload | matched "curl " · ForgeOmni-SuperAICore-554b85a/resources/views/providers/index.blade.php |
| medium | Remote Payload | matched "github.com/NERVsystems/osmmcp/releases/download" · ForgeOmni-SuperAICore-554b85a/src/Services/McpManager.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.0.8 | High risk | 165 | 2026-06-05 |
v1.0.9 | High risk | 165 | 2026-06-05 |
v1.0.7 | High risk | 165 | 2026-06-04 |
v1.0.5 | High risk | 165 | 2026-06-02 |
v1.0.2 | High risk | 165 | 2026-05-31 |
v1.0.1 | High risk | 165 | 2026-05-30 |
v1.0.0 | High risk | 165 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem composer forgeomni/[email protected]