Summary
graperoot v3.9.26 was classified as CRITICAL RISK with a risk score of 6889. Sigil detected 635 findings across 24 files, covering phases including install hooks, obfuscation, code patterns, network exfiltration, credential access. Review the findings below before installing this package.
Package description: GrapeRoot — graph-based context engine for AI coding agents
v3.9.26
26 March 2026, 17:31 UTC
by Sigil Bot
Risk Score
6889
Findings
635
Files Scanned
24
Provenance
Findings by Phase
Phase Ordering
Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/PKG-INFO:66
```bash
curl -sSL https://raw.githubusercontent.com/kunal12203/Codex-CLI-Compact/main/install.sh | bash
source ~/.zshrc # or ~/.bashrc / ~/.profileWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/README.md:46
```bash
curl -sSL https://raw.githubusercontent.com/kunal12203/Codex-CLI-Compact/main/install.sh | bash
source ~/.zshrc # or ~/.bashrc / ~/.profileWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-setup-py-cmdclass
CRITICALsetup.py overrides cmdclass — may execute code during install
graperoot-3.9.26/setup.py:70
)
cmdclass = {"build_ext": build_ext}
except Exception:Why was this flagged?
This package overrides Python's setup.py cmdclass, which allows arbitrary code to execute during pip install. This is the primary attack vector for malicious PyPI packages — attackers use it to steal credentials, install backdoors, or download additional payloads before the developer ever runs the code. Rated CRITICAL because it executes automatically with no user interaction required.
install-setup-py-cmdclass
CRITICALsetup.py overrides cmdclass — may execute code during install
graperoot-3.9.26/setup.py:73
# Cython not installed or failed to import — pure Python install
cmdclass = {}
Why was this flagged?
This package overrides Python's setup.py cmdclass, which allows arbitrary code to execute during pip install. This is the primary attack vector for malicious PyPI packages — attackers use it to steal credentials, install backdoors, or download additional payloads before the developer ever runs the code. Rated CRITICAL because it executes automatically with no user interaction required.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:3813
"keywords": [],
"content": "# Disaster Recovery & Backup Plan\n\n## \ud83d\udea8 If Railway/Vercel Goes Down\n\n### Immediate Actions (Within 5 minutes)\n\n1. **Check Status Pages**:\n - Railway: https://status.railway.app\n - Vercel: https://www.vercel-status.com\n - Your Database: Check your provider's status\n\n2. **Switch to Backup Deployment** (if configured)\n\n3. **Update DNS** to point to backup provider\n\n---\n\n## \ud83d\udd04 Multi-Cloud Deployment Strategy\n\n### OWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:21883
"keywords": [],
"content": "# Disaster Recovery & Backup Plan\n\n## \ud83d\udea8 If Railway/Vercel Goes Down\n\n### Immediate Actions (Within 5 minutes)\n\n1. **Check Status Pages**:\n - Railway: https://status.railway.app\n - Vercel: https://www.vercel-status.com\n - Your Database: Check your provider's status\n\n2. **Switch to Backup Deployment** (if configured)\n\n3. **Update DNS** to point to backup provider\n\n---\n\n## \ud83d\udd04 Multi-Cloud Deployment Strategy\n\n### OWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:72787
],
"content": "#\n# DEPRECATED: implementation for ffi.verify()\n#\nimport sys\nfrom . import model\nfrom .error import VerificationError\nfrom . import _imp_emulation as imp\n\n\nclass VCPythonEngine(object):\n _class_key = 'x'\n _gen_python_module = True\n\n def __init__(self, verifier):\n self.verifier = verifier\n self.ffi = verifier.ffi\n self._struct_pending_verification = {}\n self._types_of_builtin_functions = {}\n\n def patch_extensionWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:79009
],
"content": "from __future__ import annotations\n\nimport collections.abc as cabc\nimport os\nimport re\nimport typing as t\nfrom gettext import gettext as _\n\nfrom .core import Argument\nfrom .core import Command\nfrom .core import Context\nfrom .core import Group\nfrom .core import Option\nfrom .core import Parameter\nfrom .core import ParameterSource\nfrom .utils import echo\n\n\ndef shell_complete(\n cli: Command,\n ctx_args: cabc.MutableMapping[str, t.Any],\n prog_naWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:91520
],
"content": "from __future__ import annotations\n\nimport socket\nimport sys\nfrom collections.abc import Callable, Generator, Iterator\nfrom contextlib import ExitStack, contextmanager\nfrom inspect import isasyncgenfunction, iscoroutinefunction, ismethod\nfrom typing import Any, cast\n\nimport pytest\nfrom _pytest.fixtures import SubRequest\nfrom _pytest.outcomes import Exit\n\nfrom . import get_available_backends\nfrom ._core._eventloop import (\n current_async_library,\n Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:114531
],
"content": "\"\"\"\n pygments.sphinxext\n ~~~~~~~~~~~~~~~~~~\n\n Sphinx extension to generate automatic documentation of lexers,\n formatters and filters.\n\n :copyright: Copyright 2006-2025 by the Pygments team, see AUTHORS.\n :license: BSD, see LICENSE for details.\n\"\"\"\n\nimport sys\n\nfrom docutils import nodes\nfrom docutils.statemachine import ViewList\nfrom docutils.parsers.rst import Directive\nfrom sphinx.util.nodes import nested_parse_with_titles\n\nWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
graperoot-3.9.26/src/graperoot/data/info_graph.json:144428
],
"content": "from __future__ import annotations\n\nfrom collections import deque, namedtuple\nfrom contextlib import contextmanager\nfrom decimal import Decimal\nfrom io import BytesIO\nfrom typing import Any\nfrom unittest import TestCase, mock\nfrom urllib.request import pathname2url\nimport json\nimport os\nimport sys\nimport tempfile\nimport warnings\n\nfrom attrs import define, field\nfrom referencing.jsonschema import DRAFT202012\nimport referencing.exceptions\n\nfrom jsonschWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/src/graperoot/data/info_graph.json:26
"keywords": [],
"content": "# Dual-Graph \u2014 Compounding Context for Claude Code & Codex CLI\n\nA context engine that makes Claude Code and Codex CLI **30-45% cheaper** without sacrificing quality. It builds a semantic graph of your codebase and pre-loads the right files into every prompt \u2014 so Claude spends tokens reasoning, not exploring.\n\nWorks on **macOS, Linux, and Windows**. Supports any project size.\n\n**Join the community: [discord.gg/rxgVVgCh](https://discord.gg/rxWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/src/graperoot/data/info_graph.json:3813
"keywords": [],
"content": "# Disaster Recovery & Backup Plan\n\n## \ud83d\udea8 If Railway/Vercel Goes Down\n\n### Immediate Actions (Within 5 minutes)\n\n1. **Check Status Pages**:\n - Railway: https://status.railway.app\n - Vercel: https://www.vercel-status.com\n - Your Database: Check your provider's status\n\n2. **Switch to Backup Deployment** (if configured)\n\n3. **Update DNS** to point to backup provider\n\n---\n\n## \ud83d\udd04 Multi-Cloud Deployment Strategy\n\n### OWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/src/graperoot/data/info_graph.json:21883
"keywords": [],
"content": "# Disaster Recovery & Backup Plan\n\n## \ud83d\udea8 If Railway/Vercel Goes Down\n\n### Immediate Actions (Within 5 minutes)\n\n1. **Check Status Pages**:\n - Railway: https://status.railway.app\n - Vercel: https://www.vercel-status.com\n - Your Database: Check your provider's status\n\n2. **Switch to Backup Deployment** (if configured)\n\n3. **Update DNS** to point to backup provider\n\n---\n\n## \ud83d\udd04 Multi-Cloud Deployment Strategy\n\n### OWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/src/graperoot/data/info_graph.json:53546
],
"content": "#!/usr/bin/env python3\n\"\"\"\nDual-Graph License Server\n-------------------------\nREQUIRE_LICENSE=false \u2192 free mode (all installs pass, no key needed)\nREQUIRE_LICENSE=true \u2192 paid mode ($5 license key required)\n\nEndpoints:\n POST /validate \u2014 installer calls this with a key\n POST /generate \u2014 you call this to create keys (needs ADMIN_SECRET)\n POST /admin-delete \u2014 delete explicit machine IDs (needs ADMIN_SECRET)\n Why was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/src/graperoot/data/info_graph.json:172894
"keywords": [],
"content": "# Setup Guide\n\n## Install (one time)\n\n```bash\ncurl -sSL https://raw.githubusercontent.com/kunal12203/Codex-CLI-Compact/main/install.sh | bash\nsource ~/.zshrc\n```\n\n## Per project \u2014 Claude Code\n\n```bash\ndgc /path/to/your/project\n# or from inside the project:\ndgc .\n```\n\n## Per project \u2014 Codex CLI\n\n```bash\ndg /path/to/your/project\n```\n\n## Token Tracking\n\n```bash\n# Start the live dashboard\ncd dashboard && python3 server.py\nWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
install-makefile-curl
HIGHMakefile/script pipes remote content to shell
graperoot-3.9.26/src/graperoot.egg-info/PKG-INFO:66
```bash
curl -sSL https://raw.githubusercontent.com/kunal12203/Codex-CLI-Compact/main/install.sh | bash
source ~/.zshrc # or ~/.bashrc / ~/.profileWhy was this flagged?
A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.
Badge
Markdown
[](https://sigilsec.ai/scans/3294C196-315A-492E-AF97-383E052E2932)HTML
<a href="https://sigilsec.ai/scans/3294C196-315A-492E-AF97-383E052E2932"><img src="https://sigilsec.ai/badge/pypi/graperoot" alt="Sigil Scan"></a>Run This Scan Yourself
Scan your own packages
Run Sigil locally to audit any package before it touches your codebase.
Early Access
Get cloud scanning, threat intel, and CI/CD integration.
Join 150+ developers on the waitlist.
Get threat intelligence and product updates
Security research, new threat signatures, and product updates. No spam.
Other pypi scans
Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.