PkgRadar

PyPI · pypi.org

ob-metaflow-extensions

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 1.6.22

SeveritySignalEvidence
mediumPy Import Time Subprocesssubprocess call — process spawning. · ob_metaflow_extensions-1.6.22/metaflow_extensions/outerbounds/plugins/torchtune/__init__.py
mediumCredential file accessmatched "AWS_ACCESS_KEY" · ob_metaflow_extensions-1.6.22/metaflow_extensions/outerbounds/plugins/__init__.py
mediumCredential file accessmatched "aws_access_key" · ob_metaflow_extensions-1.6.22/metaflow_extensions/outerbounds/plugins/checkpoint_datastores/coreweave.py
mediumCredential file accessmatched "aws_access_key" · ob_metaflow_extensions-1.6.22/metaflow_extensions/outerbounds/plugins/checkpoint_datastores/nebius.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.6.22Review312026-06-11
1.6.21Review312026-06-09
1.6.20Review312026-06-03

Block this in CI

PkgRadar gates ob-metaflow-extensions (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ob-metaflow-extensions==1.6.22
Start free — 25 scans / moView full evidence