PyPI · pypi.org
mindfabric-agent
Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.
Why PkgRadar flagged 1.1.366
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('sys') — reflection bypass for static checks. · mindfabric_agent-1.1.366/core/ws/ws_client.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · mindfabric_agent-1.1.366/core/ws/ws_client.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · mindfabric_agent-1.1.366/plugins/ioc_scanner/modules/services/powershell_analyzer_service.py |
| high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('socket') — reflection bypass for static checks. · mindfabric_agent-1.1.366/plugins/misconfigurations_detector/modules/services/output_service.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/private_key_metadata.py |
| high | DNS / OAST exfiltration | matched "dig -x {value} +short\",\n f\"curl -sS 'https://ipinfo.io/{value}/json'\",\n f\"nmap -sV -Pn --top-ports 100 {value}\",\n ],\n description=f\"WHOIS, reverse DNS, ipinfo.io JSON, and top-100 TCP scan on {value}\"\n )\n \n # DNS record\n elif finding_type == \"dns_record\" or finding_type == \"dns\":\n domain = value.split()[-1] if \" \" in value else value\n return ExploitationCommands(\n commands=[\n f\"# DNS enumeration for: {domain}\",\n f\"dig {domain} ANY +noall +answer\",\n f\"dig {domain} A\",\n f\"dig {domain} AAAA\",\n f\"dig {domain} MX\",\n f\"dig {domain} TXT\",\n f\"dig {domain} NS\",\n f\"dig {domain} SOA\",\n f\"dig {domain} CNAME\",\n f\"# DNS zone transfer attempt:\",\n f\"dig axfr @$(" · mindfabric_agent-1.1.366/plugins/osint_finder/output_service.py |
| high | DNS / OAST exfiltration | matched "burpcollaborator.net" · mindfabric_agent-1.1.366/plugins/web_application_scanner/modules/databases/web_scanner_databases.py |
| medium | Credential file access | matched ".ssh/" · mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/private_key_metadata.py |
| medium | Credential file access | matched ".ssh/" · mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/agent_exploitation/ssh_agent_exploiter.py |
| medium | Credential file access | matched ".ssh/" · mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/tunneling/advanced_ssh_techniques.py |
| medium | Credential file access | matched ".npmrc" · mindfabric_agent-1.1.366/plugins/supply_chain_attack/modules/databases/supply_chain_databases.py |
| medium | Credential file access | matched "AWS_ACCESS_KEY" · mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/aws_secrets_scanner.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 1.1.366 | High risk | 270 | 2026-05-30 |
| 1.1.365 | High risk | 270 | 2026-05-30 |
| 1.1.364 | High risk | 270 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi mindfabric-agent==1.1.366