PyPI · pypi.org

snakemake-executor-plugin-slurm-jobstep

Py Import Time Subprocess: subprocess call with shell=True — passes argv to /bin/sh.

Why PkgRadar flagged 0.6.1

Severity	Signal	Evidence
medium	Py Import Time Subprocess	subprocess call with shell=True — passes argv to /bin/sh. · snakemake_executor_plugin_slurm_jobstep-0.6.1/snakemake_executor_plugin_slurm_jobstep/__init__.py
high	Py Import Time Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · snakemake_executor_plugin_slurm_jobstep-0.6.1/snakemake_executor_plugin_slurm_jobstep/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.6.1`	High risk	67	2026-05-30

Block this in CI

PkgRadar gates snakemake-executor-plugin-slurm-jobstep (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi snakemake-executor-plugin-slurm-jobstep==0.6.1