Package Under Review
This package is under review. Identity is withheld until findings are confirmed. This is an automated assessment and findings are risk indicators, not confirmed threats.
0 threats detected
Downloads: 100K-1M
pkg-YWcy...
PyPIunder reviewSecurity Scan Results
This package is under review — findings have not yet been confirmed
CVEs
0
Threats
0
Install Scripts
0
Risk Indicators
- •InsecureDeserialization detected (90% confidence)
- •InsecureDeserialization detected (85% confidence)
- •InsecureDeserialization detected (85% confidence)
- •CodeInjection detected (90% confidence)
- •Possible CodeInjection (75% confidence)
- •Possible CommandInjection (60% confidence)
- •Possible WeakCrypto (70% confidence)
- •Contains native code
- •Can spawn child processes
brin Recommendations
- →This package is assessed as high-risk. Manual review is strongly recommended before use.
This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.
Identity withheld
Pending verification process
Download Range
100K-1M
Last Scanned
Feb 4, 2026
Trust Score
85/100·Legitimacy signals, not safety
Capabilities
Network
Connects to: 127.0.0.1, ai.google.dev, api.azure.com...
Filesystem
Reads & Writes files
Process
Spawns child processes
Environment
Accesses: ANTHROPIC_API_KEY, AUTOGEN_USE_DOCKER, AWS_ACCESS_KEY...
Native
Contains native modules