PyPI · pypi.org

icdev

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 1.2.29

Severity	Signal	Evidence
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('os') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/data/validation_runner.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · icdev-1.2.29/icdev/tools/databridge/forge/sandbox_adapter.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('os') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/genesis/reflexes/govchain_anchor.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('sys') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/security/agent_trust_scorer.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('sys') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/security/mcp_tool_authorizer.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('sys') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/security/prompt_injection_detector.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('sys') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/security/tool_chain_validator.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('os') — reflection bypass for static checks. · icdev-1.2.29/icdev/tools/studio/executors/validation_runner.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · icdev-1.2.29/icdev/tools/data/terraform_destroy.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · icdev-1.2.29/icdev/tools/data_canvas/csp.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · icdev-1.2.29/icdev/tools/infra_canvas/adapters/localstack_adapter.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · icdev-1.2.29/icdev/tools/studio/executors/_base.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.2.29`	High risk	218	2026-06-02
`1.2.28`	High risk	218	2026-05-30

Block this in CI

PkgRadar gates icdev (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi icdev==1.2.29

Start free — 25 scans / mo View full evidence