agent-roi-tracker

v0.1.1 safe
4.0
Medium Risk

Track the cost, usage, and ROI of your AI coding agents across every tool.

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal risks in terms of network, shell, and obfuscation activities. However, the metadata risk due to limited maintainer history suggests caution.

  • Low network and shell execution risk
  • No signs of code obfuscation or credential harvesting
  • New package with limited maintainer history
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires network interactions for its functionality.
  • Shell: No shell executions detected, indicating the package does not execute external commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of secrets and credentials.
  • Metadata: The package is new and has limited maintainer history, raising concerns about its legitimacy.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8000
Git Repository History score 3.0

GitHub API error: 403

  • GitHub API error: 403
Maintainer History score 4.0

2 maintainer concern(s) found

  • Package uploaded less than 24 hours ago (2026-06-05T07:41:21.000Z)
  • Author "Agent-ROI contributors" appears to have only 1 package on PyPI (new or inactive account)