Note: This report is updated by a verification record
The package downloads and executes code from remote servers, which indicates malicious behavior. Multiple files and IP addresses are involved, so the evidence is strong.
The package is marked as malware by OSV under the identifier MAL-2026-450 (source: OSV).
The package contains multiple instances of malicious code execution. Specifically, sympy/polys/polyroots.py and sympy/polys/polytools.py download and execute code from remote servers (185.167.99.46 and 63.250.56.54 respectively) using memfd_create and os.execv, which is a strong indicator of malicious intent. Also, YARA rule http_hardcoded_ip matched these files, further supporting the malicious classification.