PkgRadar

PyPI · pypi.org

frago-cli

Known Indicator Filename: frago_cli-1.0.0/src/frago/chrome/cdp/stealth.js

Why PkgRadar flagged 1.0.0

SeveritySignalEvidence
highKnown Indicator Filenamefrago_cli-1.0.0/src/frago/chrome/cdp/stealth.js · frago_cli-1.0.0/src/frago/chrome/cdp/stealth.js
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · frago_cli-1.0.0/src/frago/chrome/backends/extension.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · frago_cli-1.0.0/src/frago/recipes/installer.py
mediumRemote Payloadmatched "curl " · frago_cli-1.0.0/local_install.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.0High risk742026-06-04

Block this in CI

PkgRadar gates frago-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi frago-cli==1.0.0
Start free — 25 scans / moView full evidence