PyPI · pypi.org
openyuanrong-sdk
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 0.7.51
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · yr/cli/scripts.py |
| medium | Py Import Time Ctypes Load | ctypes.CDLL/cdll.LoadLibrary — loads native code into the process. · yr/__init__.py |
| medium | Large Native Blob | 27897760 bytes · yr/fnruntime.cpython-310-darwin.so |
| medium | Large Native Blob | 27792480 bytes · yr/cpp/lib/libyr-api.so |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.7.51 | High risk | 74 | 2026-06-12 |
| 0.7.49 | High risk | 74 | 2026-06-08 |
| 0.7.48 | High risk | 74 | 2026-06-04 |
| 0.7.47 | High risk | 74 | 2026-06-03 |
| 0.7.46 | High risk | 74 | 2026-05-31 |
| 0.7.45 | High risk | 74 | 2026-05-31 |
| 0.7.44 | High risk | 74 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi openyuanrong-sdk==0.7.51