PkgRadar

PyPI · pypi.org

fastmcp

Remote Payload: matched "curl "

Why PkgRadar flagged 3.4.2

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · fastmcp-3.4.2/.claude/hooks/session-init.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
3.4.2Review62026-06-06
3.4.1Review62026-06-05
3.4.0Review62026-06-03

Block this in CI

PkgRadar gates fastmcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi fastmcp==3.4.2
Start free — 25 scans / moView full evidence
fastmcp — PyPI security scan | PkgRadar