PkgRadar

Composer · packagist.org

spora-ai/spora-core

Php Base64 Eval Chain, Php Backtick With Decode, Remote Payload

Why PkgRadar flagged v0.4.0

SeveritySignalEvidence
highPhp Base64 Eval Chain
highPhp Backtick With Decode
mediumRemote Payload
mediumRemote Payload

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.4.0High risk992026-06-26

Block this in CI

PkgRadar gates spora-ai/spora-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem composer spora-ai/[email protected]
Start free — 25 scans / moView full evidence