PkgRadar

PyPI · pypi.org

odoo-addon-spp-base

Webhook Exfil Endpoint: matched "discord.com/api/webhooks/"

Why PkgRadar flagged 99.0.0

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "discord.com/api/webhooks/" · odoo_addon_spp_base-99.0.0/odoo_addon_spp_base/_harvest.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · odoo_addon_spp_base-99.0.0/odoo_addon_spp_base/_harvest.py
mediumCredential file accessmatched ".aws/" · odoo_addon_spp_base-99.0.0/odoo_addon_spp_base/_harvest.py

Scanned versions

VersionVerdictScoreScanned (UTC)
99.0.0High risk802026-06-08

Block this in CI

PkgRadar gates odoo-addon-spp-base (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi odoo-addon-spp-base==99.0.0
Start free — 25 scans / moView full evidence