PyPI · pypi.org
inspect-evals
DNS / OAST exfiltration: matched "burpcollaborator.net"
Why PkgRadar flagged 0.14.0
| Severity | Signal | Evidence |
|---|---|---|
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · inspect_evals-0.14.0/src/inspect_evals/cyberseceval_4/threat_intel_reasoning/report_questions.json |
| medium | Remote Payload | matched "curl " · inspect_evals-0.14.0/src/inspect_evals/agentdojo/data/suites/workspace_plus/terminal/mock-gist-server/gist.github.com/bsptech/389024167213dae90b5a7483f9fd81d5/raw/bde28851c49777d31581f8b7078e2b96/diagnostic.sh |
| medium | Remote Payload | matched "wget " · inspect_evals-0.14.0/src/inspect_evals/cybench/challenges/back_to_the_past/solution/solution.sh |
| medium | Remote Payload | matched "curl " · inspect_evals-0.14.0/src/inspect_evals/cybench/challenges/eval_me/resources/extract.sh |
| medium | Remote Payload | matched "wget " · inspect_evals-0.14.0/src/inspect_evals/cybench/challenges/flag_command/solution/solution.sh |
| medium | Remote Payload | matched "wget " · inspect_evals-0.14.0/src/inspect_evals/cybench/challenges/it_has_begun/resources/script.sh |
| medium | Remote Payload | matched "curl " · inspect_evals-0.14.0/src/inspect_evals/cybench/challenges/labyrinth_linguist/solution/flag.sh |
| medium | Remote Payload | matched "curl " · inspect_evals-0.14.0/src/inspect_evals/threecb/task_configs/impact_defacing/watcher.sh |
| medium | Remote Payload | matched "curl " · inspect_evals-0.14.0/src/inspect_evals/threecb/task_configs/initialaccess_mail_link/watcher.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.14.0 | High risk | 92 | 2026-06-11 |
| 0.13.2 | High risk | 92 | 2026-06-04 |
| 0.13.1 | High risk | 92 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi inspect-evals==0.14.0