PyPI · pypi.org
agentvault-hermes
Py Import Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 0.7.9
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call — process spawning. · agentvault_hermes/plugins/agentvault/__init__.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · agentvault_hermes/cli/setup.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.7.9 | High risk | 62 | 2026-06-09 |
0.7.8 | High risk | 132 | 2026-06-03 |
0.7.7 | High risk | 132 | 2026-05-30 |
0.7.6 | High risk | 132 | 2026-05-30 |
0.7.5 | High risk | 132 | 2026-05-30 |
0.7.4 | High risk | 132 | 2026-05-30 |
0.7.2 | High risk | 132 | 2026-05-30 |
0.7.1 | High risk | 132 | 2026-05-30 |
0.7.0 | High risk | 132 | 2026-05-30 |
0.6.0 | High risk | 132 | 2026-05-30 |
0.5.2 | High risk | 100 | 2026-05-30 |
0.5.1 | High risk | 100 | 2026-05-30 |
0.5.0 | High risk | 100 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi agentvault-hermes==0.7.9