PyPI · pypi.org
workpilot
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 0.26.4
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · workpilot-0.26.4/workpilot/security/secrets.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.26.4 | High risk | 40 | 2026-06-12 |
0.26.3 | High risk | 40 | 2026-06-10 |
0.26.2 | High risk | 40 | 2026-06-08 |
0.26.1 | High risk | 40 | 2026-06-07 |
0.26.0 | High risk | 40 | 2026-06-05 |
0.25.1 | High risk | 40 | 2026-06-03 |
0.25.0 | High risk | 40 | 2026-06-02 |
0.24.1 | High risk | 40 | 2026-05-30 |
0.24.0 | High risk | 40 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi workpilot==0.26.4