PkgRadar

PyPI · pypi.org

auto-coder

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 3.0.56

SeveritySignalEvidence
mediumPy Import Time Subprocesssubprocess call — process spawning. · auto_coder-3.0.56/src/autocoder/common/__init__.py
mediumPy Import Time Subprocesssubprocess call — process spawning. · auto_coder-3.0.56/src/autocoder/utils/__init__.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · auto_coder-3.0.56/src/autocoder/utils/_markitdown.py

Scanned versions

VersionVerdictScoreScanned (UTC)
3.0.56High risk402026-06-04

Block this in CI

PkgRadar gates auto-coder (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi auto-coder==3.0.56
Start free — 25 scans / moView full evidence
auto-coder — PyPI security scan | PkgRadar