PkgRadar

PyPI · pypi.org

ork-build

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.0.303.dev18

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ork_build-0.0.303.dev18/modules/docker/cicd/ci_impl/_masterimpl.py
mediumRemote Payloadmatched "curl " · ork_build-0.0.303.dev18/bin_pub/obt.ix.installdeps.ubuntu_x86_64.py
mediumRemote Payloadmatched "wget " · ork_build-0.0.303.dev18/modules/docker/ps1dev/fetch.sh
mediumCredential file accessmatched ".ssh/" · ork_build-0.0.303.dev18/modules/docker/cicd/bin/test_worker_android.py
mediumCredential file accessmatched ".ssh/" · ork_build-0.0.303.dev18/modules/docker/cicd/bin/test_worker_ub20.py
mediumCredential file accessmatched ".ssh/" · ork_build-0.0.303.dev18/modules/docker/cicd/bin/test_worker_ub22.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.303.dev18High risk472026-06-12
0.0.303.dev17High risk472026-06-12
0.0.303.dev16High risk472026-06-12
0.0.303.dev15High risk472026-05-30

Block this in CI

PkgRadar gates ork-build (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ork-build==0.0.303.dev18
Start free — 25 scans / moView full evidence