PyPI · pypi.org

toil

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 9.5.0

Severity	Signal	Evidence
medium	Py Import Time Subprocess	subprocess call — process spawning. · toil-9.5.0/src/toil/__init__.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · toil-9.5.0/src/toil/batchSystems/contained_executor.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · toil-9.5.0/src/toil/worker.py
medium	Credential file access	matched "id_rsa" · toil-9.5.0/setup_gitlab_ssh.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`9.5.0`	Review	29	2026-06-03

Block this in CI

PkgRadar gates toil (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi toil==9.5.0