PyPI · pypi.org
xgo-blockly-luwuos
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 1.0.5.3
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · xgo_blockly_luwuos-1.0.5.3/xgo_blockly/services/voice_chat.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.0.5.3 | High risk | 30 | 2026-06-11 |
1.0.5.1 | High risk | 30 | 2026-06-10 |
1.0.2.2 | High risk | 30 | 2026-05-30 |
1.0.5.0 | High risk | 30 | 2026-05-30 |
1.0.4.5 | High risk | 30 | 2026-05-30 |
1.0.4.4 | High risk | 30 | 2026-05-30 |
1.0.4.3 | High risk | 30 | 2026-05-30 |
1.0.4.1 | High risk | 30 | 2026-05-30 |
1.0.4.0 | High risk | 30 | 2026-05-30 |
1.0.3.9 | High risk | 30 | 2026-05-30 |
1.0.3.8 | High risk | 30 | 2026-05-30 |
1.0.3.7 | High risk | 30 | 2026-05-30 |
1.0.3.6 | High risk | 30 | 2026-05-30 |
1.0.3.5 | High risk | 30 | 2026-05-30 |
1.0.3.3 | High risk | 30 | 2026-05-30 |
1.0.3.4 | High risk | 30 | 2026-05-30 |
1.0.3.2 | High risk | 30 | 2026-05-30 |
1.0.3.0 | High risk | 30 | 2026-05-30 |
1.0.3.1 | High risk | 30 | 2026-05-30 |
1.0.2.9 | High risk | 30 | 2026-05-30 |
1.0.2.8 | High risk | 30 | 2026-05-30 |
1.0.2.7 | High risk | 30 | 2026-05-30 |
1.0.2.6 | High risk | 30 | 2026-05-30 |
1.0.2.5 | High risk | 30 | 2026-05-30 |
1.0.2.4 | High risk | 30 | 2026-05-30 |
1.0.2.3 | High risk | 30 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi xgo-blockly-luwuos==1.0.5.3