AI Analysis
Final verdict: SUSPICIOUS
The package is flagged on two metadata signals: a plain-HTTP (non-TLS) external link on its package page and an author with no other packages on the index. Neither is evidence of malicious code by itself, but an endpoint reached over plain HTTP can be read or altered in transit, and a single-package author offers no track record to offset the code-level findings below, so those findings should be reviewed rather than trusted on reputation.
- Suspicious non-HTTPS link
- Single-package author
Per-check LLM notes
- Metadata: the non-HTTPS link and the single-package author raise concerns; the absence of typosquatting and email-domain flags lowers the overall risk.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
… self.session = requests.Session()  # Avoid env proxies interfering with TLS …
Code Obfuscation
score 8.0
Found 4 obfuscation pattern(s)
… line 74 seg_array = base64.b64decode(segment)  # TS line 75-81 …
… current_len = len(base64.b64decode(val.data)) if val.data else 0 …
… seg_data = base64.b64decode(seg.data) if seg.data else b"" …
… val_data = base64.b64decode(val.data) if val.data else b"" combined = val_da…
All four matches decode base64-encoded payload fields (segment, seg.data, val.data), which is ordinary for a storage SDK; the score counts decode calls, not confirmed obfuscation. Treat it as a lead only if decoded bytes reach exec/eval/compile or are written somewhere and later executed.
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
… result = subprocess.run([str(TSX), str(script)], input=json.dumps(p…
This spawns an external executable referenced by TSX with a script path as its argument and feeds it JSON on stdin. It is the finding most worth inspecting: determine where TSX resolves from (bundled with the package, fetched at install time, or expected on PATH) and whether script paths can be influenced by untrusted input.
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://storage-node.example.com:5678
Traffic to a plain-HTTP endpoint on a non-standard port can be observed or modified on the path; check whether the SDK uses this address as a default node rather than only as documentation.
Git Repository History
score 3.0
Repository not found (deleted or private); the published distribution cannot be compared against public source.
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "notmartin" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in the OSV database.
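The heuristic checks above are pattern counts multiplied by a per-check weight, plus a metadata pass over page links and author history. The following is an added example, not the scanner's code or anything from the 0g-storage-sdk project: it reimplements those checks over a constructed sample file modelled on the quoted snippets, then triages the two findings that most often mislead (base64 decoding without an exec sink, and subprocess use). The regexes, weights, thresholds and the sample source are all assumptions; the weights are chosen so the sample reproduces the report's arithmetic (for example 4 decode hits x 2.0 = 8.0).

```python
"""Added example, not the scanner's or the project's code. Regexes, weights,
thresholds and the sample input are assumptions for illustration."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the snippets quoted in the report.
SAMPLE_SOURCE = '''
import base64, json, subprocess, requests

class Client:
    def __init__(self, timeout):
        self.timeout = timeout
        self.session = requests.Session()  # Avoid env proxies interfering with TLS
        self.session.trust_env = False

    def merge(self, segment, seg, val):
        seg_array = base64.b64decode(segment)
        current_len = len(base64.b64decode(val.data)) if val.data else 0
        seg_data = base64.b64decode(seg.data) if seg.data else b""
        val_data = base64.b64decode(val.data) if val.data else b""
        return seg_array + seg_data + val_data, current_len

    def run_script(self, tsx, script, payload):
        return subprocess.run([str(tsx), str(script)], input=json.dumps(payload),
                              capture_output=True, text=True)
'''

# Constructed metadata mirroring the page-link and maintainer checks.
SAMPLE_METADATA = {
    "page_links": ["https://github.com/example/0g-storage-sdk",
                   "http://storage-node.example.com:5678"],
    "author_package_count": 1,
}

# Per-check regex and per-hit weight (assumed values).
CODE_PATTERNS = {
    "network": (re.compile(r"\b(?:requests\.(?:Session|get|post)|urllib\.request\.urlopen|socket\.socket)\s*\("), 1.5),
    "obfuscation": (re.compile(r"\bbase64\.b64decode\s*\("), 2.0),
    "subprocess": (re.compile(r"\b(?:subprocess\.(?:run|Popen|call|check_output)|os\.system)\s*\("), 2.0),
}
# A decode only counts as obfuscation if decoded bytes can reach one of these.
EXEC_SINK = re.compile(r"\b(?:exec|eval|compile|importlib\.import_module)\s*\(")


@dataclass
class Finding:
    check: str
    score: float
    evidence: list = field(default_factory=list)


def scan_code(source: str) -> dict:
    """Count pattern hits per check and quote the matching source lines."""
    lines = source.splitlines()
    findings = {}
    for name, (pattern, weight) in CODE_PATTERNS.items():
        hits = list(pattern.finditer(source))
        if not hits:
            continue
        # Newlines before the match start give the 0-based line index.
        line_nos = sorted({source.count("\n", 0, m.start()) for m in hits})
        findings[name] = Finding(name, weight * len(hits),
                                 [lines[n].strip() for n in line_nos])
    return findings


def scan_links(urls: list) -> Optional[Finding]:
    """Flag plain-HTTP external links on the package page."""
    bad = [u for u in urls if u.lower().startswith("http://")]
    return Finding("links", 2.0 * len(bad), bad) if bad else None


def scan_maintainer(package_count: int) -> Optional[Finding]:
    """A single-package author has no track record to weigh the code against."""
    if package_count <= 1:
        return Finding("maintainer", 2.0, [f"author has {package_count} package(s)"])
    return None


def triage(source: str, findings: dict) -> list:
    """Separate signals that need a human from those that are usually noise."""
    notes = []
    if "obfuscation" in findings and not EXEC_SINK.search(source):
        notes.append("base64 decode with no exec/eval/compile sink: "
                     "likely data decoding, not code obfuscation")
    if "subprocess" in findings:
        notes.append("subprocess spawns an external runner: "
                     "check which binary and script run and where they come from")
    return notes


def score_package(source: str, metadata: dict):
    """Return (total, verdict, findings, triage notes). Thresholds are assumed."""
    findings = scan_code(source)
    for f in (scan_links(metadata["page_links"]),
              scan_maintainer(metadata["author_package_count"])):
        if f:
            findings[f.check] = f
    total = sum(f.score for f in findings.values())
    verdict = "MALICIOUS" if total >= 25 else "SUSPICIOUS" if total >= 5 else "CLEAN"
    return total, verdict, findings, triage(source, findings)


if __name__ == "__main__":
    total, verdict, findings, notes = score_package(SAMPLE_SOURCE, SAMPLE_METADATA)
    print(f"verdict: {verdict} (score {total})")
    for f in findings.values():
        print(f"  {f.check}: {f.score}  {f.evidence}")
    for n in notes:
        print(f"  triage: {n}")
```

Run it as a script to see the per-check scores and the triage notes; the point of `triage` is that a raw obfuscation score of 8.0 collapses to "likely data decoding" once no exec sink exists in the file, while the subprocess finding stays open until someone inspects where the runner binary comes from.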
AI App Starter Prompt
Use this prompt to build a project with 0g-storage-sdk
Develop a simple but capable file management utility named 'DecentralizedBackup' using the Python package '0g-storage-sdk'. This utility will allow users to store, retrieve, and manage files on the 0G Storage decentralized network. It should support uploading files with Merkle tree verification, downloading files, listing stored files, and deleting files from the network. Additionally, implement a feature to verify the integrity of files using their Merkle tree hashes before and after download. Users should be able to interact with the utility through a command-line interface (CLI). The application should also include error handling for common issues such as network errors, invalid inputs, and authentication failures. Use the '0g-storage-sdk' package to handle all interactions with the 0G Storage network, ensuring efficient and secure data transfer.