PkgRadar

PyPI · pypi.org

prefect-ob

Py Import Time Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 3.7.2

SeveritySignalEvidence
highPy Import Time Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · prefect_ob-3.7.2/src/prefect/bundles/__init__.py
mediumPy Import Time Subprocesssubprocess call — process spawning. · prefect_ob-3.7.2/src/prefect/bundles/__init__.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · prefect_ob-3.7.2/src/prefect/server/api/server.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · prefect_ob-3.7.2/src/prefect/utilities/callables/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
3.7.2High risk1602026-06-02

Block this in CI

PkgRadar gates prefect-ob (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi prefect-ob==3.7.2
Start free — 25 scans / moView full evidence