ClaudeCleo

v0.4.2 suspicious
7.0
High Risk

Dependency manager for the Claude ecosystem — rules, skills, agents, commands, hooks, MCP servers.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential risk due to suspicious file path access, and incomplete metadata raises concerns about the maintainer's legitimacy.

  • High credential risk from '/../../etc/passwd' access
  • Incomplete and potentially unreliable maintainer information

Per-check LLM notes

  • Network: No network calls detected, which is normal and expected.
  • Shell: The use of subprocess.run with 'git' commands suggests the package might be performing version control operations internally, which could be legitimate if it's related to package management or development purposes.
  • Obfuscation: No signs of obfuscation detected.
  • Credentials: Suspicious file path access to "/../../etc/passwd" indicates potential unauthorized credential harvesting.
  • Metadata: The author's information is incomplete and the maintainer seems to be new or inactive, which raises some suspicion but not enough to conclude malice.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • .update(env_extra) return subprocess.run( [sys.executable, CLEO, *args], cwd=cwd or o
  • f _git(cwd: Path, *args): subprocess.run(["git", *args], cwd=cwd, check=True, capture_output=True)
  • : Path) -> list[str]: r = subprocess.run( ["git", "-C", str(pkg_dir), "log", "--format=%s"],
  • == 0, r.stderr tags = subprocess.run( ["git", "-C", str(pkg), "tag", "--list"],
  • , "drift") new_head = subprocess.run( ["git", "-C", str(pkg), "rev-parse", "HEAD"],
  • 0, r.stderr tag_sha = subprocess.run( ["git", "-C", str(pkg), "rev-parse", "v0.1.1^{c

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • {"name": "../../etc/passwd", "type": "bundle"}, "v/p" ) from lib.securit
  • validate_package_ref("../../etc/passwd") with pytest.raises(SecurityViolation, match="<ven

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: hotmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository Surt/cleo appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
