Package evidence

mindfabric-agent==1.1.366

Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 16
First published: Apr 2026
Publisher: MindFabric Team

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["mindfabric-agent==1.1.366"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["mindfabric-agent==1.1.366"],"fail_on":"high"}'

PublisherMindFabric Team

Artifact bytes2,576,101

Previous versionnone

Published2026-05-29T13:35:37

SHA-2563ec85c3072ad2959fd5c305e988efcb2cc36755d34ac92dbf4f257f3683560f9

Why flagged

What the scanner saw

Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

13d agoLast checked

highRisk

270Score

1.1.366Version

Status history (1 event)

new → available15d ago · risk high · score 270 · status changed

Evidence

Static findings

61 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Py Runtime Dynamic Dangerous Import	mindfabric_agent-1.1.366/core/ws/ws_client.py	Dynamic __import__('sys') — reflection bypass for static checks.	30
high	Py Runtime Base64 Decode	mindfabric_agent-1.1.366/core/ws/ws_client.py	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.	30
high	Py Runtime Base64 Decode	mindfabric_agent-1.1.366/plugins/ioc_scanner/modules/services/powershell_analyzer_service.py	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.	30
high	Py Runtime Dynamic Dangerous Import	mindfabric_agent-1.1.366/plugins/misconfigurations_detector/modules/services/output_service.py	Dynamic __import__('socket') — reflection bypass for static checks.	30
high	Py Runtime Base64 Decode	mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/private_key_metadata.py	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.	30
high	DNS / OAST exfiltration	mindfabric_agent-1.1.366/plugins/osint_finder/output_service.py	matched "dig -x {value} +short\",\n f\"curl -sS 'https://ipinfo.io/{value}/json'\",\n f\"nmap -sV -Pn --top-ports 100 {value}\",\n ],\n description=f\"WHOIS, reverse DNS, ipinfo.io JSON, and top-100 TCP scan on {value}\"\n )\n \n # DNS record\n elif finding_type == \"dns_record\" or finding_type == \"dns\":\n domain = value.split()[-1] if \" \" in value else value\n return ExploitationCommands(\n commands=[\n f\"# DNS enumeration for: {domain}\",\n f\"dig {domain} ANY +noall +answer\",\n f\"dig {domain} A\",\n f\"dig {domain} AAAA\",\n f\"dig {domain} MX\",\n f\"dig {domain} TXT\",\n f\"dig {domain} NS\",\n f\"dig {domain} SOA\",\n f\"dig {domain} CNAME\",\n f\"# DNS zone transfer attempt:\",\n f\"dig axfr @$("	30
high	DNS / OAST exfiltration	mindfabric_agent-1.1.366/plugins/web_application_scanner/modules/databases/web_scanner_databases.py	matched "burpcollaborator.net"	30
medium	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/private_key_metadata.py	matched ".ssh/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/agent_exploitation/ssh_agent_exploiter.py	matched ".ssh/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/tunneling/advanced_ssh_techniques.py	matched ".ssh/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/supply_chain_attack/modules/databases/supply_chain_databases.py	matched ".npmrc"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/aws_secrets_scanner.py	matched "AWS_ACCESS_KEY"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/azure_keyvault_scanner.py	matched ".azure/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/gcp_secret_scanner.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10

Show all 61 findings (low-signal and informational)

Showing 60 of 61 findings.

Severity	Kind	Path	Detail	Points
high	Py Runtime Dynamic Dangerous Import	mindfabric_agent-1.1.366/core/ws/ws_client.py	Dynamic __import__('sys') — reflection bypass for static checks.	30
high	Py Runtime Base64 Decode	mindfabric_agent-1.1.366/core/ws/ws_client.py	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.	30
high	Py Runtime Base64 Decode	mindfabric_agent-1.1.366/plugins/ioc_scanner/modules/services/powershell_analyzer_service.py	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.	30
high	Py Runtime Dynamic Dangerous Import	mindfabric_agent-1.1.366/plugins/misconfigurations_detector/modules/services/output_service.py	Dynamic __import__('socket') — reflection bypass for static checks.	30
high	Py Runtime Base64 Decode	mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/private_key_metadata.py	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.	30
high	DNS / OAST exfiltration	mindfabric_agent-1.1.366/plugins/osint_finder/output_service.py	matched "dig -x {value} +short\",\n f\"curl -sS 'https://ipinfo.io/{value}/json'\",\n f\"nmap -sV -Pn --top-ports 100 {value}\",\n ],\n description=f\"WHOIS, reverse DNS, ipinfo.io JSON, and top-100 TCP scan on {value}\"\n )\n \n # DNS record\n elif finding_type == \"dns_record\" or finding_type == \"dns\":\n domain = value.split()[-1] if \" \" in value else value\n return ExploitationCommands(\n commands=[\n f\"# DNS enumeration for: {domain}\",\n f\"dig {domain} ANY +noall +answer\",\n f\"dig {domain} A\",\n f\"dig {domain} AAAA\",\n f\"dig {domain} MX\",\n f\"dig {domain} TXT\",\n f\"dig {domain} NS\",\n f\"dig {domain} SOA\",\n f\"dig {domain} CNAME\",\n f\"# DNS zone transfer attempt:\",\n f\"dig axfr @$("	30
high	DNS / OAST exfiltration	mindfabric_agent-1.1.366/plugins/web_application_scanner/modules/databases/web_scanner_databases.py	matched "burpcollaborator.net"	30
medium	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/private_key_metadata.py	matched ".ssh/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/agent_exploitation/ssh_agent_exploiter.py	matched ".ssh/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/tunneling/advanced_ssh_techniques.py	matched ".ssh/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/supply_chain_attack/modules/databases/supply_chain_databases.py	matched ".npmrc"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/aws_secrets_scanner.py	matched "AWS_ACCESS_KEY"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/azure_keyvault_scanner.py	matched ".azure/"	10
medium	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/scanners/gcp_secret_scanner.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
low	Credential file access	mindfabric_agent-1.1.366/plugins/_trufflehog_patterns/patterns.py	matched "aws_secret_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/cicd_pipeline_auditor.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/scanners/gitops_security_scanner.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/scanners/multicloud_cicd_scanner.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/scanners/pipeline_injection_scanner.py	matched ".npmrc"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/scanners/secrets_scanner.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/scanners/supply_chain_helpers.py	matched ".npmrc"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/scanners/supply_chain_scanner.py	matched ".npmrc"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cicd_pipeline_auditor/modules/security/secret_scanner.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/cloud_gcp_security_assesment/modules/databases/ui_templates.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/docker_escape/modules/detection/orchestration_escape_detector.py	matched ".aws/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/file_integrity_monitor/modules/databases/fim_databases.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/iac_security_auditor/modules/scanners/cloudformation_scanner.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/iac_security_auditor/modules/scanners/terraform_scanner.py	matched ".aws/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ioc_scanner/modules/detection/persistence_detector.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ioc_scanner/modules/services/memory_scanner_service.py	matched "id_rsa"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/kubernetes_escape/modules/checkers/additional_scenarios/cve_2024_21626_checker.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/kubernetes_escape/modules/checkers/additional_scenarios/package_management_checker.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/kubernetes_escape/modules/checkers/specific_scenarios/overpermissive_psp_checker.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/lateral_movement/modules/services/output_service.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/analyzers/fp/misc_multi_type_false_positive.py	matched "AWS_ACCESS_KEY"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/deep_scanners/cloud_k8s_scanner.py	matched "AWS_ACCESS_KEY"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/patterns/pattern_definitions.py	matched ".azure\\"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/patterns/provider_secret_patterns.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/utils/cloud_host_risk_heuristic.py	matched ".config/gcloud"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/utils/ip_osint_fp_policy.py	matched "id_rsa"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/utils/provider_secret_risk_heuristic.py	matched ".aws/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/osint_finder/modules/utils/sensitive_value_mask.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/persistence_detection/modules/databases/persistence_databases.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/privilege_escalation/modules/linux/cloud_metadata_checker.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/privilege_escalation/modules/linux/file_permissions_checker.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/cloud_container_pivot/cloud_ssh_pivot.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/core/capabilities_checker.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/core/report_generator.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/databases/ui_templates.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/scanning/certificate_scanner.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/scanning/config_scanner.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/scanning/controlmaster_discovery.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/modules/scanning/socket_scanner.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/ssh_pivot_hunter/output_service.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/user_audit/modules/auditors/cloud_iam_auditor.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/user_audit/modules/databases/audit_patterns.py	matched ".aws/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/user_audit/output_service.py	matched ".ssh/"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/databases/vault_patterns.py	matched "aws_access_key"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/modules/services/discovery_service.py	matched "AWS_ACCESS_KEY"	5
low	Credential file access	mindfabric_agent-1.1.366/plugins/vault_security_auditor/vault_security_auditor.py	matched "AWS_ACCESS_KEY"	5