PkgRadar

PyPI · pypi.org

koru

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 0.1.340

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('os') — reflection bypass for static checks. · koru-0.1.340/src/koru/autopilot/diagnose_vdisplay_cli.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · koru-0.1.340/src/koruvision/providers/portal_screencast.py |
| medium | Remote Payload | matched "curl " · koru-0.1.340/src/koru/autonomy/replay_handlers.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.1.340 | High risk | 77 | 2026-06-12 |
| 0.1.339 | High risk | 77 | 2026-06-12 |
| 0.1.338 | High risk | 77 | 2026-06-12 |
| 0.1.337 | High risk | 47 | 2026-06-12 |
| 0.1.336 | High risk | 47 | 2026-06-12 |
| 0.1.335 | High risk | 47 | 2026-06-12 |
| 0.1.334 | High risk | 47 | 2026-06-12 |
| 0.1.333 | High risk | 47 | 2026-06-12 |
| 0.1.332 | High risk | 47 | 2026-06-11 |
| 0.1.331 | High risk | 47 | 2026-06-11 |
| 0.1.330 | High risk | 47 | 2026-06-11 |
| 0.1.329 | High risk | 47 | 2026-06-11 |
| 0.1.328 | High risk | 47 | 2026-06-11 |
| 0.1.327 | High risk | 47 | 2026-06-11 |
| 0.1.326 | High risk | 47 | 2026-06-10 |
| 0.1.325 | High risk | 47 | 2026-06-10 |
| 0.1.324 | High risk | 47 | 2026-06-10 |
| 0.1.323 | High risk | 47 | 2026-06-10 |
| 0.1.322 | High risk | 47 | 2026-06-09 |
| 0.1.321 | High risk | 47 | 2026-06-09 |
| 0.1.319 | High risk | 47 | 2026-06-08 |
| 0.1.318 | High risk | 47 | 2026-06-07 |
| 0.1.317 | High risk | 47 | 2026-06-07 |
| 0.1.316 | High risk | 47 | 2026-06-07 |
| 0.1.315 | High risk | 47 | 2026-06-07 |
| 0.1.314 | High risk | 47 | 2026-06-06 |
| 0.1.313 | High risk | 47 | 2026-06-06 |
| 0.1.312 | High risk | 47 | 2026-06-04 |
| 0.1.311 | High risk | 47 | 2026-06-04 |
| 0.1.310 | High risk | 47 | 2026-06-04 |
| 0.1.309 | High risk | 47 | 2026-06-02 |
| 0.1.308 | High risk | 35 | 2026-06-02 |
| 0.1.307 | High risk | 35 | 2026-06-02 |
| 0.1.306 | High risk | 35 | 2026-06-02 |
| 0.1.304 | High risk | 35 | 2026-06-01 |
| 0.1.303 | High risk | 35 | 2026-06-01 |
| 0.1.302 | High risk | 35 | 2026-06-01 |
| 0.1.301 | High risk | 35 | 2026-06-01 |
| 0.1.300 | High risk | 35 | 2026-05-30 |
| 0.1.299 | High risk | 35 | 2026-05-30 |
| 0.1.298 | High risk | 35 | 2026-05-30 |
| 0.1.297 | High risk | 35 | 2026-05-30 |
| 0.1.296 | High risk | 35 | 2026-05-30 |
| 0.1.295 | High risk | 35 | 2026-05-30 |
| 0.1.294 | High risk | 35 | 2026-05-30 |
| 0.1.293 | High risk | 35 | 2026-05-30 |
| 0.1.292 | High risk | 35 | 2026-05-30 |

Block this in CI

PkgRadar gates koru (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi koru==0.1.340