PkgRadar

PyPI · pypi.org

animica

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.4.6

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · animica-0.4.6/_build_vendor/agent_runtime/aicf_worker.py
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · animica-0.4.6/_build_vendor/coretx/crypto.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · animica-0.4.6/animica/contracts/artifacts.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.4.6High risk832026-06-13
0.4.5High risk832026-06-06
0.4.4High risk832026-06-06
0.4.3High risk832026-06-05
0.4.2High risk832026-06-04
0.4.1High risk832026-06-04
0.4.0High risk832026-06-04
0.3.13High risk832026-06-03
0.3.12High risk832026-06-03
0.3.11High risk832026-06-03
0.3.10High risk832026-06-01
0.3.9High risk832026-06-01
0.3.8High risk832026-06-01
0.3.7High risk832026-06-01
0.3.6High risk832026-06-01
0.3.5High risk832026-05-31
0.3.4High risk832026-05-31
0.3.3High risk832026-05-31
0.3.2High risk832026-05-31
0.3.1High risk832026-05-31
0.3.0High risk832026-05-31
0.2.0High risk832026-05-30
0.1.70High risk832026-05-30
0.1.69High risk832026-05-30
0.1.68High risk832026-05-30
0.1.67High risk832026-05-30
0.1.66High risk832026-05-30
0.1.65High risk632026-05-30
0.1.64High risk302026-05-30

Block this in CI

PkgRadar gates animica (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi animica==0.4.6
Start free — 25 scans / moView full evidence