PyPI · pypi.org
planemo
Py Runtime Subprocess: subprocess call with shell=True — passes argv to /bin/sh.
Why PkgRadar flagged 0.75.44
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Runtime Subprocess | subprocess call with shell=True — passes argv to /bin/sh. · planemo-0.75.44/planemo/tool_builder.py |
| medium | Py Runtime Subprocess | subprocess call with shell=True — passes argv to /bin/sh. · planemo-0.75.44/planemo/xml/validation.py |
| medium | Py Runtime Subprocess | subprocess call — process spawning. · planemo-0.75.44/planemo/database/postgres_singularity.py |
| medium | Py Runtime Subprocess | subprocess call — process spawning. · planemo-0.75.44/planemo/io.py |
| medium | Py Runtime Subprocess | subprocess call — process spawning. · planemo-0.75.44/planemo/shed2tap/base.py |
| medium | Py Runtime Eval Exec | Python eval()/exec() called on a string. · planemo-0.75.44/planemo/autopygen/argument_parser_conversion.py |
| medium | Remote Payload | matched "github.com/natefoo/slurm-drmaa/releases/download" · planemo-0.75.44/planemo/commands/cmd_slurm_init.py |
| medium | Remote Payload | matched "github.com/cli/cli/releases/download" · planemo-0.75.44/planemo/github_util.py |
| medium | Obfuscation Density | high encoded/escaped-token density · planemo-0.75.44/planemo/reports/markdown-it.min.js |
| medium | Remote Payload | matched "curl " · planemo-0.75.44/planemo/shed2tap/base.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.75.44 | Review | 50 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem pypi planemo==0.75.44