PyPI · pypi.org
mcp-stealth-chrome
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 0.4.12
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · mcp_stealth_chrome-0.4.12/src/mcp_stealth_chrome/server.py |
| medium | Py Custom Build Backend | Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time. · pyproject.toml |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.4.12 | High risk | 45 | 2026-06-08 |
Block this in CI
pkgradar gate --ecosystem pypi mcp-stealth-chrome==0.4.12