PkgRadar

PyPI · pypi.org

corio

Credential file access: matched "id_rsa"

Why PkgRadar flagged 2.4.1

SeveritySignalEvidence
highCredential file accessmatched "id_rsa" · corio-2.4.1/corio/infra/repository.py
mediumRemote Payloadmatched "curl " · corio-2.4.1/corio/yml.py

Scanned versions

VersionVerdictScoreScanned (UTC)
2.4.1High risk422026-06-08
2.4.0High risk422026-05-31
2.4.0a0High risk422026-05-31

Block this in CI

PkgRadar gates corio (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi corio==2.4.1
Start free — 25 scans / moView full evidence