PkgRadar

PyPI · pypi.org

abstract-hugpy-dev

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.0.26

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · abstract_hugpy_dev-0.0.26/src/abstract_hugpy_dev/worker_agent/agent.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.26High risk302026-06-08
0.0.25High risk302026-06-07
0.0.24High risk302026-06-07
0.0.23High risk302026-06-07
0.0.22High risk302026-06-07
0.0.21High risk302026-06-07
0.0.20High risk302026-06-07
0.0.18High risk302026-06-07
0.0.19High risk302026-06-07
0.0.16High risk302026-06-07
0.0.17High risk302026-06-07
0.0.15High risk302026-06-07
0.0.14High risk302026-06-07
0.0.13High risk302026-06-07
0.0.12High risk302026-06-07
0.0.11High risk302026-06-07
0.0.10High risk302026-06-07
0.0.9High risk302026-06-07
0.0.8High risk302026-06-07
0.0.6High risk302026-06-07
0.0.7High risk302026-06-07
0.0.5High risk302026-06-07
0.0.4High risk302026-06-07
0.0.3High risk302026-06-07
0.0.2High risk302026-06-07
0.0.1High risk302026-06-07

Block this in CI

PkgRadar gates abstract-hugpy-dev (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi abstract-hugpy-dev==0.0.26
Start free — 25 scans / moView full evidence