PkgRadar

PyPI · pypi.org

cheetahclaws

Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.

Why PkgRadar flagged 3.5.82

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('sys') — reflection bypass for static checks. · cheetahclaws-3.5.82/bridges/wechat.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · cheetahclaws-3.5.82/modular/video/tts.py

Scanned versions

VersionVerdictScoreScanned (UTC)
3.5.82High risk652026-06-05
3.5.81High risk652026-06-05

Block this in CI

PkgRadar gates cheetahclaws (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi cheetahclaws==3.5.82
Start free — 25 scans / moView full evidence
cheetahclaws — PyPI security scan | PkgRadar