PyPI · pypi.org

sciveo

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.2.33

Severity	Signal	Evidence
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · sciveo-0.2.33/sciveo/admin/server.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · sciveo-0.2.33/sciveo/network/health.py
medium	Credential file access	matched ".ssh/" · sciveo-0.2.33/sciveo/admin/server.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.33`	High risk	35	2026-06-16
`0.2.32`	High risk	35	2026-06-15
`0.2.31`	High risk	35	2026-06-14
`0.2.30`	High risk	20	2026-06-07
`0.2.29`	High risk	20	2026-06-07
`0.2.28`	High risk	20	2026-06-06
`0.2.27`	High risk	20	2026-06-06
`0.2.26`	High risk	20	2026-06-06
`0.2.25`	High risk	20	2026-06-06
`0.2.24`	Review	5	2026-05-29
`0.2.23`	Review	5	2026-05-29
`0.2.22`	Review	12	2026-05-27

Block this in CI

PkgRadar gates sciveo (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi sciveo==0.2.33