PyPI · pypi.org

fastcrest-tether

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.12.0

Severity	Signal	Evidence
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · fastcrest_tether-0.12.0/scripts/modal_zmq_vs_http_ab.py
medium	Py Import Time Ctypes Load	ctypes.CDLL/cdll.LoadLibrary — loads native code into the process. · fastcrest_tether-0.12.0/src/tether/__init__.py
medium	Remote Payload	matched "curl " · fastcrest_tether-0.12.0/infra/contribution-worker/deploy.sh
medium	Remote Payload	matched "curl " · fastcrest_tether-0.12.0/infra/license-worker/deploy.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.12.0`	High risk	78	2026-06-10

Block this in CI

PkgRadar gates fastcrest-tether (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi fastcrest-tether==0.12.0