PkgRadar

PyPI · pypi.org

pip-skill

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 0.2.1

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · pip_skill-0.2.1/src/pip_skill/registry.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.1Review122026-05-29
0.2.0Review122026-05-29

Block this in CI

PkgRadar gates pip-skill (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi pip-skill==0.2.1
Start free — 25 scans / moView full evidence