AI Analysis
Final verdict: SUSPICIOUS
The package shows some signs of obfuscation and has a high metadata risk due to its newness and limited maintainer activity, indicating potential risks.
- Base64 decoding observed
- High metadata risk due to lack of package history
Per-check LLM notes
- Network: The network call pattern indicates the package uses HTTP/HTTPS to communicate with external services, which is common and expected for SDKs.
- Shell: No shell execution patterns detected, suggesting low risk of executing arbitrary commands.
- Obfuscation: The observed base64 decoding could be part of normal functionality, such as handling encoded configuration or data fields.
- Credentials: No suspicious patterns for credential harvesting were detected.
- Metadata: The package is newly uploaded with no history and limited activity from the maintainer, raising concerns about potential malicious intent.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
self._http = http_client or httpx.AsyncClient(timeout=30.0) self._owns_http = http_client is None
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
b64 = data_field return base64.b64decode(b64) async def _get_slot(client: httpx.AsyncClient, rpc_ur
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
GitHub API error: 403
GitHub API error: 403
Maintainer History
score 6.0
3 maintainer concern(s) found
- Only one version has ever been released — brand new package
- Package uploaded less than 24 hours ago (2026-06-05T05:35:20.000Z)
- Author "Agent Fuel" appears to have only 1 package on PyPI (new or inactive account)