PkgRadar

PyPI · pypi.org

ok-script

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.0.160

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ok_script-1.0.160/ok/third_party/paperclip.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.160High risk152026-06-17
1.0.159High risk152026-06-11
1.0.158High risk152026-06-11
1.0.157High risk152026-06-11
1.0.156High risk152026-06-10
1.0.155High risk152026-06-05
1.0.154High risk152026-06-03
1.0.153High risk152026-06-03
1.0.152High risk152026-06-02
1.0.151High risk152026-06-01
1.0.150High risk152026-06-01
1.0.149High risk152026-05-31
1.0.148High risk152026-05-30
1.0.147High risk152026-05-30
1.0.145High risk152026-05-30
1.0.144High risk152026-05-30
1.0.146High risk152026-05-30

Block this in CI

PkgRadar gates ok-script (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ok-script==1.0.160
Start free — 25 scans / moView full evidence