PkgRadar

PyPI · pypi.org

spotiflac

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.1.0

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · spotiflac-1.1.0/SpotiFLAC/providers/amazon.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · spotiflac-1.1.0/SpotiFLAC/providers/tidal.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.1.0High risk502026-06-12
1.0.9High risk502026-06-12
1.0.8High risk502026-06-11
1.0.7High risk502026-06-11
1.0.6High risk502026-06-11
1.0.5High risk502026-06-11
1.0.4High risk502026-06-10
1.0.3High risk502026-06-10
1.0.2High risk502026-06-10
1.0.1High risk502026-06-09
1.0.0Low risk02026-06-08
0.9.9High risk502026-06-06
0.9.8High risk502026-06-06
0.9.7High risk502026-06-06
0.9.6High risk502026-06-06
0.9.5High risk502026-06-06
0.9.4High risk502026-06-06
0.9.3High risk502026-06-06
0.9.2High risk502026-06-06
0.9.1High risk502026-06-06
0.9.0High risk502026-06-05
0.8.9High risk502026-06-05
0.8.7Low risk02026-06-05
0.8.6High risk502026-06-05
0.8.5High risk502026-06-05
0.8.4High risk502026-06-03
0.8.3High risk502026-06-02
0.8.2High risk502026-06-02
0.8.1High risk502026-06-02
0.8.0High risk502026-06-02
0.7.9High risk502026-06-02
0.7.8High risk502026-06-01
0.7.7High risk502026-05-31
0.7.6High risk502026-05-30
0.7.5High risk502026-05-30
0.7.4High risk502026-05-30
0.7.1High risk502026-05-30
0.7.0High risk502026-05-30
0.6.9High risk502026-05-30
0.6.8High risk502026-05-30
0.6.7High risk502026-05-30
0.6.6High risk502026-05-30
0.6.5High risk502026-05-30
0.6.4High risk502026-05-30
0.6.3High risk502026-05-30
0.6.2High risk502026-05-30
0.6.1High risk502026-05-30
0.7.3Low risk02026-05-30
0.7.2Low risk02026-05-30

Block this in CI

PkgRadar gates spotiflac (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi spotiflac==1.1.0
Start free — 25 scans / moView full evidence