AI Analysis
Final verdict: SUSPICIOUS
The package is considered suspicious due to the combination of a new repository, limited maintainer history, and an insecure link, despite having no detected shell execution patterns.
- Metadata risk is high due to the repository being new and the maintainer having limited history.
- An insecure link is present within the package metadata.
Per-check LLM notes
- Network: The presence of network calls is not unusual for a tool-oriented package, but the nature and frequency of these calls should be reviewed to ensure they are legitimate.
- Shell: No shell execution patterns were detected.
- Metadata: The repository is new, the maintainer has limited history, and there's an insecure link present.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
try: async with httpx.AsyncClient(timeout=httpx.Timeout(None, connect=10.0)) as client:
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: izusoft.tech>
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://prod.example.com
Git Repository History
score 2.5
Git history flags: Repository created very recently: 4 day(s) ago (2026-06-01T19:52:23Z)
Repository created very recently: 4 day(s) ago (2026-06-01T19:52:23Z)
Maintainer History
score 6.0
3 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with aaep-tools
Your task is to develop a user-friendly command-line tool named 'AAEPStreamAnalyzer' using the Python package 'aaep-tools'. This tool will serve as a comprehensive utility for managing event streams according to the Agent Accessibility Event Protocol (AAEP). The application should allow users to validate, capture, and replay event streams directly from their command line interface. ### Core Features: 1. **Validation**: Users should be able to input an event stream file and have the tool validate it against AAEP standards. The output should clearly indicate whether the event stream is valid or not, along with any specific errors found. 2. **Capture**: Implement a feature that allows real-time capturing of event streams from a specified source. This could be from a live system feed or a predefined set of events. 3. **Replay**: Provide functionality to replay captured event streams for testing or debugging purposes. Users should be able to specify the speed at which events are replayed. ### Additional Features: - **Interactive Mode**: Allow users to interactively modify event streams before validation or replay. - **Logging**: Implement logging for all operations performed by the tool to help with troubleshooting and auditing. - **Help Documentation**: Include detailed documentation accessible via command-line options to guide users on how to use each feature effectively. ### Utilization of 'aaep-tools': - Use the 'validate' sub-package of 'aaep-tools' to perform validation checks on event streams. - For capturing event streams, utilize the 'capture' module provided by 'aaep-tools', ensuring you document any necessary configurations or prerequisites. - When implementing replay functionality, leverage the 'replay' capabilities within 'aaep-tools', allowing for customization of replay speeds if possible. Your goal is to create a versatile, efficient, and user-friendly tool that simplifies working with AAEP event streams. Ensure your application is well-documented and includes examples of how to use each feature.