PkgRadar

PyPI · pypi.org

tina4-python

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 3.13.3

| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call — process spawning. · tina4_python-3.13.3/tina4_python/ai/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · tina4_python-3.13.3/tina4_python/cli/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · tina4_python-3.13.3/tina4_python/dev_admin/__init__.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · tina4_python-3.13.3/tina4_python/mcp/tools.py |
| medium | Py Import Time Network Call | Network call (urllib/requests/httpx/http.client) at install or import time. · tina4_python-3.13.3/tina4_python/dev_admin/__init__.py |
| high | Py Import Time Raw Socket | Raw socket creation at install or import time. · tina4_python-3.13.3/tina4_python/cache/__init__.py |

Scanned versions

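| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 3.13.3 | High risk | 61 | 2026-06-03 |
| 3.13.2 | High risk | 61 | 2026-06-03 |
| 3.13.1 | High risk | 61 | 2026-06-02 |
| 3.13.0 | High risk | 61 | 2026-06-01 |
| 3.12.14 | High risk | 61 | 2026-06-01 |
| 3.12.13 | High risk | 61 | 2026-05-30 |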

Block this in CI

PkgRadar gates tina4-python (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi tina4-python==3.13.3