Package Under Review

This package is under review. Identity is withheld until findings are confirmed. This is an automated assessment and findings are risk indicators, not confirmed threats.

4 threats detected
Downloads: 1K-10K

pkg-Y2c...

PyPI · warnings detected

Security Scan Results

Warnings detected due to potential concerns

warning
CVEs

0

Threats

4

Install Scripts

0

Confirmed Threats (4)

Command Injection
confidence: 60% · confirmed

Location: cg/utils/commands.py:82-88

subprocess.run(" ".join(command), shell=True,

Hardcoded Secrets
confidence: 85% · confirmed

Location: cg/server/app_config.py:20

cg_secret_key: str = "thisIsNotASafeKey"

Sensitive Data Logging
confidence: 95% · confirmed

Location: cg/server/endpoints/utils.py:59

LOG.error(f"Error {e} occurred while decoding JWT token: {jwt_token}")

brin Recommendations

  • This package has warnings detected. Evaluate the specific concerns before proceeding.
  • 4 verified threat patterns detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

Identity withheld

Pending verification process

Download Range

1K-10K

Last Scanned

2 days ago

Trust Score

60/100 · Legitimacy signals, not safety

Capabilities

Network

Connects to: company.freshdesk.com, en.wikipedia.org, genologics.com...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: SUDO_USER

Native

Contains native modules