PkgRadar

PyPI · pypi.org

sap-datasphere-mcp

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.4.0

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · sap_datasphere_mcp-1.4.0/sap_datasphere_mcp_server.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.4.0High risk242026-06-01
1.3.0High risk242026-05-31

Block this in CI

PkgRadar gates sap-datasphere-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi sap-datasphere-mcp==1.4.0
Start free — 25 scans / moView full evidence