PkgRadar

PyPI · pypi.org

ctao-aiv-toolkit

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 5.1.3

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ctao_aiv_toolkit-5.1.3/src/aivkit/gitlab.py

Scanned versions

VersionVerdictScoreScanned (UTC)
5.1.3High risk302026-06-01

Block this in CI

PkgRadar gates ctao-aiv-toolkit (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ctao-aiv-toolkit==5.1.3
Start free — 25 scans / moView full evidence