PyPI · pypi.org
aicage
Remote Payload: matched "curl "
Why PkgRadar flagged 1.2.5
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/agy/install.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/agy/version.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/claude/install.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/crush/install.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/droid/install.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/droid/version.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/goose/install.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/goose/version.sh |
| medium | Remote Payload | matched "curl " · aicage-1.2.5/config/agent-build/agents/opencode/install.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.2.5 | High risk | 50 | 2026-06-05 |
Block this in CI
pkgradar gate --ecosystem pypi aicage==1.2.5