PyPI · pypi.org
agentic-ci
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 0.3.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · agentic_ci-0.3.3/src/agentic_ci/backends/podman.py |
| medium | Py Custom Build Backend | Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time. · pyproject.toml |
| medium | Remote Payload | matched "curl " · agentic_ci-0.3.3/src/agentic_ci/jira/acli.py |
| medium | Credential file access | matched ".config/gcloud" · agentic_ci-0.3.3/src/agentic_ci/backends/podman.py |
| medium | Credential file access | matched "GOOGLE_APPLICATION_CREDENTIALS" · agentic_ci-0.3.3/src/agentic_ci/harness.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.3.3 | High risk | 82 | 2026-06-17 |
0.3.2 | High risk | 82 | 2026-06-16 |
0.3.1 | High risk | 82 | 2026-06-16 |
0.3.0 | High risk | 82 | 2026-06-12 |
0.2.25 | High risk | 82 | 2026-06-11 |
0.2.24 | High risk | 82 | 2026-06-11 |
0.2.23 | High risk | 82 | 2026-06-09 |
0.2.22 | High risk | 82 | 2026-06-09 |
0.2.21 | High risk | 82 | 2026-06-09 |
0.2.20 | High risk | 82 | 2026-06-08 |
0.2.19 | High risk | 82 | 2026-06-05 |
0.2.18 | High risk | 82 | 2026-06-04 |
0.2.17 | High risk | 82 | 2026-06-04 |
0.2.16 | High risk | 82 | 2026-06-03 |
0.2.15 | High risk | 82 | 2026-06-03 |
0.2.14 | High risk | 82 | 2026-06-02 |
0.2.13 | High risk | 82 | 2026-05-30 |
0.2.12 | High risk | 82 | 2026-05-30 |
0.2.11 | High risk | 82 | 2026-05-30 |
0.2.10 | High risk | 82 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi agentic-ci==0.3.3