PkgRadar

PyPI · pypi.org

katvan

Remote Payload: matched "curl "

Why PkgRadar flagged 0.5.3

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · katvan-0.5.3/.claude/skills/cicd/scripts/pr-status.sh
mediumRemote Payloadmatched "curl " · katvan-0.5.3/.claude/skills/sonarclaude/scripts/sonar.sh
mediumObfuscation Densityhigh encoded/escaped-token density · katvan-0.5.3/site-astro/package-lock.json

Scanned versions

VersionVerdictScoreScanned (UTC)
0.5.6Low risk02026-06-05
0.5.5Low risk02026-05-31
0.5.4Low risk02026-05-30
0.5.0Low risk02026-05-30
0.5.3Review392026-05-27
0.5.2Review392026-05-27
0.5.1Review272026-05-26

Block this in CI

PkgRadar gates katvan (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi katvan==0.5.3
Start free — 25 scans / moView full evidence
katvan — PyPI security scan | PkgRadar