PkgRadar

PyPI · pypi.org

argus-ai-scanner

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.12.0

Severity  Signal                     Evidence
high      Py Runtime Base64 Decode   base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · argus_ai_scanner-1.12.0/dast/sandbox/firecracker/entrypoint.py
high      DNS / OAST exfiltration    matched "oast.fun" · argus_ai_scanner-1.12.0/mcp_scanner/oob_listener.py
medium    Remote Payload             matched "curl " · argus_ai_scanner-1.12.0/dast/sandbox/firecracker/build_and_push_multi.sh
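What the "Py Runtime Base64 Decode" signal is looking for, shown as an added example that is not PkgRadar's scanner and contains no code from argus-ai-scanner: a standard-library AST check that flags exec/eval/os.system/subprocess calls whose arguments come from a base64 or hex decode, directly or through an assigned name. The three sample modules are constructed for the example. The second one is the reason the evidence column above is a lead and not a verdict: a sandbox entrypoint that unpacks a base64-encoded guest command from argv has exactly the shape of an obfuscated dropper, just as an out-of-band listener that names an OAST domain or a build script that calls curl will match a string rule. Read the three cited files before acting on the score.

```python
# Added example (not PkgRadar's code): a minimal AST check for the signal the
# page calls "Py Runtime Base64 Decode", i.e. a base64/hex decode whose result
# reaches exec/eval/os.system/subprocess. Standard library only.
import ast

# Decoder call names, matched on the bare attribute: base64.b64decode,
# bytes.fromhex and binascii.unhexlify are covered; codecs-style wrappers are not.
DECODERS = {"b64decode", "b32decode", "a85decode", "b85decode",
            "decodebytes", "fromhex", "unhexlify"}
# Execution sinks. Bare attribute names, so "run" also matches app.run();
# that over-approximation is deliberate and mirrors the page's string matches.
SINKS = {"exec", "eval", "system", "Popen", "run", "call",
         "check_call", "check_output"}


def _call_name(node: ast.Call):
    """Bare callee name: exec(...) -> 'exec', subprocess.run(...) -> 'run'."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return None


def _touches_decoded(node: ast.AST, tainted: set) -> bool:
    """True if the subtree contains a decoder call or a tainted name."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call) and _call_name(sub) in DECODERS:
            return True
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
    return False


def find_decode_to_exec(source: str):
    """Return [(line, sink_name), ...] for every sink call whose arguments
    contain a decoder call, or a name assigned (transitively) from one."""
    tree = ast.parse(source)
    assigns = [n for n in ast.walk(tree) if isinstance(n, ast.Assign)]
    # Flow-insensitive taint: iterate the assignments to a fixpoint so that
    # payload = b64decode(x); cmd = payload.split() taints both names.
    tainted: set = set()
    changed = True
    while changed:
        changed = False
        for node in assigns:
            if _touches_decoded(node.value, tainted):
                for target in node.targets:
                    if isinstance(target, ast.Name) and target.id not in tainted:
                        tainted.add(target.id)
                        changed = True
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _call_name(node) in SINKS:
            operands = list(node.args) + [kw.value for kw in node.keywords]
            if any(_touches_decoded(arg, tainted) for arg in operands):
                findings.append((node.lineno, _call_name(node)))
    return findings


# Constructed samples (not taken from argus-ai-scanner).
OBFUSCATED = (
    "import base64\n"
    "exec(base64.b64decode('cHJpbnQoJ2hpJyk=').decode())\n"
)
# A plausible sandbox entrypoint: the guest command arrives base64-encoded on
# argv so it survives shell quoting. Same AST shape as the obfuscated case,
# so the signal fires here too; only a human reading the file can tell.
ENTRYPOINT = (
    "import base64, subprocess, sys\n"
    "cmd = base64.b64decode(sys.argv[1]).decode().split()\n"
    "subprocess.run(cmd, check=True)\n"
)
# A decode that never reaches an execution sink: no finding.
CLEAN = (
    "import base64, json\n"
    "settings = json.loads(base64.b64decode(blob))\n"
)

if __name__ == "__main__":
    for name, src in [("obfuscated", OBFUSCATED), ("entrypoint", ENTRYPOINT), ("clean", CLEAN)]:
        print(name, find_decode_to_exec(src))
```

The check is a signal generator in the same sense as the table above: it tells you which line to open, not whether the package is malicious. Raising it to a verdict would need what PkgRadar's evidence column also lacks, namely where the decoded bytes come from (a literal embedded in the package versus an argument supplied by the operator).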

Scanned versions

Version  Verdict    Score  Scanned (UTC)
1.12.0   High risk  92     2026-06-01
1.11.1   High risk  62     2026-05-31
1.11.0   High risk  62     2026-05-31

Block this in CI

PkgRadar gates argus-ai-scanner (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi argus-ai-scanner==1.12.0