PyPI · pypi.org
dh-cli
Py Import Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 0.8.8
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call — process spawning. · dh_cli-0.8.8/src/dh_cli/hz/__init__.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · dh_cli-0.8.8/src/dh_cli/hz/test.py |
| medium | Credential file access | matched "GOOGLE_APPLICATION_CREDENTIALS" · dh_cli-0.8.8/src/dh_cli/cloud_commands.py |
| medium | Credential file access | matched ".ssh/" · dh_cli-0.8.8/src/dh_cli/engines_studios/engine_commands.py |
| medium | Credential file access | matched ".ssh/" · dh_cli-0.8.8/src/dh_cli/engines_studios/ssh_config.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.8.8 | High risk | 97 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem pypi dh-cli==0.8.8