watertools is vulnerable to remote code execution. When the package is installed, it opens a malicious backdoor in the package allowing an attacker to inject and execute arbitrary codes and gain access to sensitive user information and digital currency keys as well as escalate privileges.