PkgRadar

PyPI · pypi.org

bog-agents-cli

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 0.9.4

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · bog_agents_cli-0.9.4/bog_agents_cli/claude_code_compat.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · bog_agents_cli-0.9.4/bog_agents_cli/remote_assets/ssh_submit.py
mediumCredential file accessmatched "AWS_ACCESS_KEY" · bog_agents_cli-0.9.4/bog_agents_cli/doctor_deep.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.9.4High risk902026-06-08

Block this in CI

PkgRadar gates bog-agents-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi bog-agents-cli==0.9.4
Start free — 25 scans / moView full evidence