PkgRadar

PyPI · pypi.org

xingzierai

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.207.1

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · xingzierai-0.207.1/src/xingzierai/agents/utils/file_handling.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · xingzierai-0.207.1/src/xingzierai/app/channels/imessage/channel.py
highPy Import Time Network CallNetwork call (urllib/requests/httpx/http.client) at install or import time. · xingzierai-0.207.1/src/xingzierai/agentscope_core/__init__.py
mediumRemote Payloadmatched "wget " · xingzierai-0.207.1/src/xingzierai/agents/utils/file_handling.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.207.1High risk922026-06-09
0.207.0High risk922026-06-08
0.206.0High risk922026-06-08
0.205.4High risk922026-06-07
0.205.3High risk922026-06-07
0.205.2High risk922026-06-07
0.205.1High risk922026-06-07
0.205.0High risk922026-06-06
0.204.2High risk922026-06-06
0.204.1High risk922026-06-05
0.204.0High risk922026-06-05
0.203.2High risk922026-06-02
0.203.1High risk922026-06-02
0.203.0High risk922026-06-02
0.202.0High risk922026-06-01
0.201.7High risk922026-06-01
0.201.6High risk922026-06-01
0.201.5High risk922026-05-31
0.201.4High risk922026-05-31
0.201.3High risk922026-05-31
0.201.0High risk922026-05-30
0.136.1High risk922026-05-30
0.136.0High risk922026-05-30
0.135.2High risk922026-05-30
0.135.1High risk922026-05-30
0.135.0High risk922026-05-30
0.134.0High risk922026-05-30

Block this in CI

PkgRadar gates xingzierai (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi xingzierai==0.207.1
Start free — 25 scans / moView full evidence