PkgRadar

PyPI · pypi.org

aind-clabe

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.10.7

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · aind_clabe-0.10.7/src/clabe/xml_rpc/_server.py |
| medium | Py Custom Build Backend | Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time. · pyproject.toml |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.10.7 | High risk | 31 | 2026-06-06 |

Block this in CI

PkgRadar gates aind-clabe (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi aind-clabe==0.10.7