PkgRadar

PyPI · pypi.org

elephant-agent

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 1.0.0.dev20260601023325

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · elephant_agent-1.0.0.dev20260601023325/apps/daemon.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · elephant_agent-1.0.0.dev20260601023325/apps/provider_runtime_support.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · elephant_agent-1.0.0.dev20260601023325/packages/auth/discovery.py
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · elephant_agent-1.0.0.dev20260601023325/packages/sandbox/backends/docker.py
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · elephant_agent-1.0.0.dev20260601023325/packages/sandbox/backends/sdk.py
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · elephant_agent-1.0.0.dev20260601023325/packages/sandbox/backends/ssh.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.0.dev20260601023325High risk1152026-06-01
1.0.0.dev20260530111023High risk1102026-05-30
1.0.0.dev20260530073759High risk1102026-05-30
1.0.0.dev20260530071806High risk1102026-05-30
1.0.0.dev20260530065835High risk1102026-05-30
1.0.0.dev20260530064236High risk1102026-05-30
1.0.0.dev20260530063005High risk1102026-05-30
1.0.0.dev20260530053359High risk1102026-05-30
1.0.0.dev20260530051354High risk1102026-05-30
1.0.0.dev20260530045728High risk1102026-05-30
1.0.0.dev20260530041731High risk1102026-05-30
1.0.0.dev20260530033031High risk1102026-05-30
1.0.0.dev20260530030757High risk1102026-05-30
1.0.0.dev20260530023032High risk1102026-05-30
1.0.0.dev20260530015824High risk1102026-05-30
1.0.0.dev20260530010508High risk1102026-05-30
1.0.0.dev20260530005021High risk1102026-05-30
1.0.0.dev20260530002628High risk1102026-05-30
1.0.0.dev20260530003749High risk1102026-05-30
1.0.0.dev20260530001226High risk1102026-05-30
1.0.0.dev20260530000257High risk1102026-05-30
1.0.0.dev20260529234947High risk1102026-05-30
1.0.0.dev20260529230902High risk1102026-05-30
1.0.0.dev20260529225316High risk1102026-05-30
1.0.0.dev20260529220921High risk1102026-05-30
1.0.0.dev20260529215434High risk1102026-05-30
1.0.0.dev20260529210514High risk1102026-05-30
1.0.0.dev20260529204718High risk1102026-05-30
1.0.0.dev20260529205649High risk1102026-05-30
1.0.0.dev20260529202638High risk1102026-05-30
1.0.0.dev20260529203458High risk1102026-05-30
1.0.0.dev20260529202958High risk1102026-05-30
1.0.0.dev20260529202042High risk1102026-05-30
1.0.0.dev20260529193202High risk1102026-05-30
1.0.0.dev20260529191548High risk1102026-05-30
1.0.0.dev20260529184645High risk1102026-05-30
1.0.0.dev20260529183832High risk1102026-05-30
1.0.0.dev20260529182349High risk1102026-05-30
1.0.0.dev20260529181008High risk1102026-05-30
1.0.0.dev20260529175119High risk1102026-05-30
1.0.0.dev20260529174000High risk1102026-05-30
1.0.0.dev20260529172211High risk1102026-05-30
1.0.0.dev20260528161344High risk1102026-05-30
1.0.0.dev20260528121009High risk1102026-05-30
1.0.0.dev20260528115026High risk1102026-05-30

Block this in CI

PkgRadar gates elephant-agent (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi elephant-agent==1.0.0.dev20260601023325
Start free — 25 scans / moView full evidence