PkgRadar

PyPI · pypi.org

praisonaippt

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.4.40

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · praisonaippt-1.4.40/praisonaippt/avatar_layouts.py
mediumRemote Payloadmatched "curl " · praisonaippt-1.4.40/install.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
1.4.40High risk292026-06-12
1.4.39High risk292026-06-10
1.4.38High risk292026-06-09
1.4.37High risk292026-06-05
1.4.36High risk292026-06-05
1.4.35High risk292026-06-05
1.4.34High risk292026-06-05
1.4.33High risk292026-06-04
1.4.32High risk292026-06-04
1.4.31High risk292026-06-04
1.4.30High risk292026-06-04
1.4.29High risk292026-06-04
1.4.25High risk292026-06-04
1.4.24High risk292026-06-04
1.4.23Review82026-06-04
1.4.22Review82026-06-04
1.4.21Review82026-06-04
1.4.20Review82026-06-03
1.4.19Review82026-06-03
1.4.18Review82026-06-03
1.4.17Review82026-06-03

Block this in CI

PkgRadar gates praisonaippt (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi praisonaippt==1.4.40
Start free — 25 scans / moView full evidence