PkgRadar

PyPI · pypi.org

word-mcp-live

Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.

Why PkgRadar flagged 1.6.20

Severity | Signal | Evidence
high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('sys') — reflection bypass for static checks. · word_mcp_live-1.6.20/word_document_server/tools/live_read_tools.py
high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('sys') — reflection bypass for static checks. · word_mcp_live-1.6.20/word_document_server/tools/live_tools.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
1.6.20 | High risk | 50 | 2026-05-30
1.6.19 | High risk | 50 | 2026-05-30
1.6.17 | High risk | 50 | 2026-05-30
1.6.15 | High risk | 50 | 2026-05-30
1.6.16 | High risk | 50 | 2026-05-30
1.6.14 | High risk | 50 | 2026-05-30
1.6.6 | High risk | 50 | 2026-05-30
1.6.5 | High risk | 50 | 2026-05-30
1.6.4 | High risk | 50 | 2026-05-30
1.5.6 | High risk | 50 | 2026-05-30
1.6.3 | High risk | 50 | 2026-05-30

Block this in CI

PkgRadar gates word-mcp-live (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi word-mcp-live==1.6.20