PkgRadar

PyPI · pypi.org

ratio1

Webhook Exfil Endpoint: matched "ngrok.app"

Why PkgRadar flagged 3.5.43

SeveritySignalEvidence
highWebhook Exfil Endpointmatched "ngrok.app" · ratio1-3.5.43/xperimental/_checks/cstore_check.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ratio1-3.5.43/ratio1/code_cheker/base.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ratio1-3.5.43/ratio1/ipfs/r1fs.py
mediumRemote Payloadmatched "wget " · ratio1-3.5.43/ratio1/ipfs/ipfs_setup/setup.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
3.5.43High risk512026-06-05
3.5.42High risk512026-06-05

Block this in CI

PkgRadar gates ratio1 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ratio1==3.5.43
Start free — 25 scans / moView full evidence