PyPI · pypi.org

vcztools

Remote Payload: matched "curl "

Why PkgRadar flagged 0.2.0

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · vcztools-0.2.0/validation/install/install_bgenix.sh
medium	Remote Payload	matched "curl " · vcztools-0.2.0/validation/install/install_bolt_lmm.sh
medium	Remote Payload	matched "curl " · vcztools-0.2.0/validation/install/install_plink19.sh
medium	Remote Payload	matched "curl " · vcztools-0.2.0/validation/install/install_qctool.sh
medium	Remote Payload	matched "github.com/rgcgithub/regenie/releases/download" · vcztools-0.2.0/validation/install/install_regenie.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.0`	High risk	60	2026-06-08

Block this in CI

PkgRadar gates vcztools (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi vcztools==0.2.0