PkgRadar

PyPI · pypi.org

sima-cli

Py Install Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 2.1.11

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Py Install Time Eval Exec | Python eval()/exec() called on a string. · sima_cli-2.1.11/setup.py |
| medium | Remote Payload | matched "curl " · sima_cli-2.1.11/sima_cli/sdk/utils.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 2.1.11 | Review | 28 | 2026-06-12 |
| 2.1.10 | Review | 28 | 2026-06-08 |
| 2.1.9 | Review | 28 | 2026-06-02 |

Block this in CI

PkgRadar gates sima-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi sima-cli==2.1.11