PkgRadar

PyPI · pypi.org

lilbee

Remote Payload: matched "github.com/tobocop2/lilbee/releases/download"

Why PkgRadar flagged 0.6.66b501

Severity | Signal | Evidence
medium | Remote Payload | matched "github.com/tobocop2/lilbee/releases/download" · lilbee-0.6.66b501/packaging/tools/render_flatpak_manifest.sh
medium | Remote Payload | matched "github.com/explosion/spacy-models/releases/download" · lilbee-0.6.66b501/tools/wheel-build/build_lilbee_binary.sh
medium | Remote Payload | matched "wget " · lilbee-0.6.66b501/tools/wheel-build/install_gpu_toolkit.sh

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.6.66b501 | High risk | 36 | 2026-06-17
0.6.66b499 | Low risk | 0 | 2026-06-16
0.6.66b498 | Low risk | 0 | 2026-06-15
0.6.66b497 | High risk | 36 | 2026-06-15
0.6.66b496 | High risk | 36 | 2026-06-13
0.6.66b495 | Review | 24 | 2026-06-12
0.6.66b494 | Review | 24 | 2026-06-11
0.6.66b493 | Review | 24 | 2026-06-07
0.6.66b492 | Review | 24 | 2026-06-07
0.6.66b490 | Low risk | 0 | 2026-06-06
0.6.66b489 | Review | 24 | 2026-05-31
0.6.66b488 | Review | 24 | 2026-05-31
0.6.66b487 | Low risk | 0 | 2026-05-31
0.6.66b486 | Review | 24 | 2026-05-30
0.6.66b484 | Review | 24 | 2026-05-30
0.6.66b485 | Review | 24 | 2026-05-30

Block this in CI

PkgRadar gates lilbee (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi lilbee==0.6.66b501