PkgRadar

PyPI · pypi.org

geno-lewm

Remote Payload: matched "curl "

Why PkgRadar flagged 0.2.1

Severity | Signal | Evidence
medium | Remote Payload | matched "curl " · geno_lewm-0.2.1/tools/jobs/proof_run.sh
medium | Remote Payload | matched "github.com/${GH_REPO}/releases/download" · geno_lewm-0.2.1/tools/jobs/publish_run.sh

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.2.1 | Review | 24 | 2026-06-09

Block this in CI

PkgRadar gates geno-lewm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi geno-lewm==0.2.1