InnoCaptcha

v2.4.0 suspicious
5.0
Medium Risk

A professional, pluggable CAPTCHA library with image, math, and custom challenge types, token-based security, and multiple storage backends.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a high shell risk due to its silent upgrade mechanism, which could be indicative of unauthorized actions. While other risks are minimal, the combination of findings warrants further scrutiny.

  • High shell risk due to silent upgrade mechanism
  • Low activity of the maintainer's account

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: The attempt to upgrade the package silently suggests potential for unauthorized actions, indicative of possible malicious intent.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, suggesting a new or less active account which may warrant further investigation.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ..") try: subprocess.check_call([sys.executable, "-m", "pip", "install", "--upgrade", "InnoC

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: hotmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository InnoSoft-Company/InnoCaptcha appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "InnoSoft Company" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with InnoCaptcha

Create a mini-application that serves as a web-based user authentication system with enhanced security features using the InnoCaptcha package. This application should include the following functionalities:

1. User Registration: Users can sign up by providing their username, email, and password. Upon registration, they must pass a CAPTCHA challenge to ensure they are not bots.
2. User Login: After successful registration, users can log into their accounts using their credentials. Again, a CAPTCHA challenge should be presented to verify human interaction.
3. Account Recovery: Implement a secure account recovery process where users can reset their passwords via email after passing a CAPTCHA verification.
4. Admin Panel: Provide an admin interface to manage users, view login attempts, and monitor CAPTCHA challenges.
5. CAPTCHA Customization: Allow the admin to customize the CAPTCHA challenges (e.g., changing between image, math, or custom types).
6. Token-Based Security: Utilize InnoCaptcha's token-based security feature to protect API endpoints from unauthorized access.
7. Multiple Storage Backends: Integrate InnoCaptcha's support for multiple storage backends to store CAPTCHA tokens securely.
8. Logging and Monitoring: Log all CAPTCHA interactions and provide real-time monitoring of login attempts and CAPTCHA success rates.

To achieve these functionalities, you will need to leverage the core features of the InnoCaptcha package such as its various challenge types, token management, and customizable storage options. Ensure that your application is well-documented and includes instructions on how to install dependencies and run the app locally.