PyPI · pypi.org

grimoire-kit

Credential file access: matched "id_rsa"

Why PkgRadar flagged 3.5.0

Severity	Signal	Evidence
high	Credential file access	matched "id_rsa" · grimoire_kit-3.5.0/src/grimoire/missions/intake.py
high	Py Import Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · grimoire_kit-3.5.0/framework/memory/backends/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.5.0`	High risk	51	2026-06-08
`3.4.4`	High risk	21	2026-05-30
`3.4.3`	High risk	21	2026-05-30

Block this in CI

PkgRadar gates grimoire-kit (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi grimoire-kit==3.5.0