PkgRadar

PyPI · pypi.org

fabric-skills-settings

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.5

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · fabric_skills_settings-0.5/cli/tools/notebook/deploy.py
mediumRemote Payloadmatched "github.com/rtk-ai/rtk/releases/download" · fabric_skills_settings-0.5/cli/setup/setup.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
0.5High risk422026-05-30
0.4High risk422026-05-30

Block this in CI

PkgRadar gates fabric-skills-settings (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi fabric-skills-settings==0.5
Start free — 25 scans / moView full evidence