PkgRadar

PyPI · pypi.org

coginework

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.1.10b3

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · coginework-1.1.10b3/src/coginework/agents/utils/file_handling.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · coginework-1.1.10b3/src/coginework/app/channels/imessage/channel.py
mediumRemote Payloadmatched "wget " · coginework-1.1.10b3/src/coginework/agents/utils/file_handling.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.1.10b3High risk732026-06-04

Block this in CI

PkgRadar gates coginework (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi coginework==1.1.10b3
Start free — 25 scans / moView full evidence