PyPI · pypi.org
crucible-security
Webhook Exfil Endpoint: matched "webhook.site"
Why PkgRadar flagged 0.5.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Webhook Exfil Endpoint | matched "webhook.site" · crucible_security-0.5.0/crucible/attacks/multi_turn_strategies.py |
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · crucible_security-0.5.0/crucible/attacks/exfiltration_kit.py |
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · crucible_security-0.5.0/.venv_ci/Lib/site-packages/pip/_vendor/packaging/licenses/__init__.py |
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · crucible_security-0.5.0/.venv_ci/Lib/site-packages/pip/_vendor/pkg_resources/__init__.py |
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · crucible_security-0.5.0/.venv_test/Lib/site-packages/pip/_vendor/packaging/licenses/__init__.py |
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · crucible_security-0.5.0/.venv_test/Lib/site-packages/pip/_vendor/pkg_resources/__init__.py |
| medium | Remote Payload | matched "curl " · crucible_security-0.5.0/crucible/attacks/multi_agent_contagion.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.5.0 | High risk | 182 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem pypi crucible-security==0.5.0