PyPI · pypi.org

openviking

Py Install Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 0.3.24

Severity	Signal	Evidence
medium	Py Install Time Subprocess	subprocess call — process spawning. · openviking-0.3.24/setup.py
high	Credential File Packaged	openviking-0.3.24/docs/.npmrc · openviking-0.3.24/docs/.npmrc
medium	Remote Payload	matched "raw.githubusercontent.com" · openviking-0.3.24/crates/ov_cli/test_ov.sh
medium	Remote Payload	matched "curl " · openviking-0.3.24/docker/openviking-entrypoint.sh
medium	Remote Payload	matched "curl " · openviking-0.3.24/openviking_cli/utils/ollama.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.3.24`	High risk	131	2026-06-05
`0.3.23`	Review	32	2026-06-03
`0.3.22`	High risk	131	2026-05-30
`0.3.21`	High risk	131	2026-05-30

Block this in CI

PkgRadar gates openviking (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi openviking==0.3.24