brin
brin

oauth2client

PyPI

Is oauth2client safe to use?

The latest brin safety scan flagged oauth2client v4.1.3 with risk indicators that warrant review. No known CVE vulnerabilities and 2 detected threat patterns, including patterns consistent with insecure deserialization and insecure deserialization. Trust score: 85/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

oauth2client Has Confirmed Threats

Confirmed threat patterns detected in this package

critical
CVEs

0

Threats

2

Install Scripts

0

Risk Indicators

  • Detected patterns consistent with InsecureDeserialization (85% confidence)
  • Flagged for potential InsecureDeserialization patterns (75% confidence)
  • Flagged for potential InsecureDeserialization patterns (80% confidence)
  • Detected patterns consistent with InsecureDeserialization (85% confidence)
  • Flagged for potential InsecureDeserialization patterns (70% confidence)
  • Package can spawn child processes

oauth2client Confirmed Threats (2)

Insecure Deserialization
confidence: 85%confirmed

Location: oauth2client/contrib/flask_util.py:206

return pickle.loads(flow_pickle)
Insecure Deserialization
confidence: 85%confirmed

Location: oauth2client/contrib/django_util/views.py:93

return None if flow_pickle is None else jsonpickle.decode(flow_pickle)

brin Recommendations

  • This package is assessed as high-risk. Manual review is strongly recommended before use.
  • 2 verified threat patterns detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

oauth2client Capabilities & Permissions

What oauth2client can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

accounts.google.combugs.python.orgcloud.google.comcode.djangoproject.comcode.google.comconsole.developers.google.comdevelopers.google.comdevelopers.google.com\device.uridocs.djangoproject.com+22 more
Protocols: http, https, tcp

Filesystem Access

Reads and writes to the filesystem.

~/.config (rw).env (rw).env (rw).env (rw).env (rw).env (rw)

Process Spawning

This package can spawn child processes.

Environment Variables

Accesses the following environment variables.

APPDATADEVSHELL_ENVGCE_METADATA_IPGCE_METADATA_ROOTGCE_METADATA_TIMEOUTGOOGLE_APPLICATION_CREDENTIALSNO_GCE_CHECKSERVER_SOFTWARESystemDrive_CLOUDSDK_CONFIG_ENV_VAR+4 more

AGENTS.md for oauth2client

Good instructions lead to good results. brin adds oauth2client documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

oauth2client Documentation & Source Code

For the full oauth2client README, API documentation, and source code, visit the official package registry.

View on PyPIView SourceHomepage

Frequently asked questions about oauth2client safety

Weekly Downloads

7.5M

Version

4.1.3

License

MIT

Last Scanned

Feb 5, 2026

Trust Score

85/100·Legitimacy signals, not safety

Confirmed Threats (2)

insecure deserializationconfirmed

Location: oauth2client/contrib/flask_util.py:206

Confidence: 85%

return pickle.loads(flow_pickle)
insecure deserializationconfirmed

Location: oauth2client/contrib/django_util/views.py:93

Confidence: 85%

return None if flow_pickle is None else jsonpickle.decode(flow_pickle)

Confirmed threats have been validated by human review and represent real risks.

Capabilities

Network

Connects to: accounts.google.com, bugs.python.org, cloud.google.com...

Filesystem

Reads & Writes files

Process

Spawns child processes

Environment

Accesses: APPDATA, DEVSHELL_ENV, GCE_METADATA_IP...

Is oauth2client Safe? | PyPI Safety Scan - brin