AI Analysis
Final verdict: SUSPICIOUS
The package shows minimal risk in terms of network usage, shell commands, and obfuscation, but the presence of a suspicious non-HTTPS link and a new maintainer with only one package raises concerns about potential supply-chain risks.
- Suspicious non-HTTPS link in metadata.
- New maintainer with only one package listed.
Per-check LLM notes
- Network: No network calls detected, indicating low risk.
- Shell: Shell commands suggest the package may be performing system checks or version-control operations; these could be legitimate but warrant further investigation into the package's purpose.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
- Credentials: No credential harvesting patterns detected, indicating safe handling of secrets and credentials.
- Metadata: Suspicious non-HTTPS link and new maintainer with single package increase suspicion.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
try: result = subprocess.run( [ "find", str(root), "-
try: result = subprocess.run( ["git", "log", "--oneline", "-10"],
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://192.168.1.100:8730
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "se-agent-builder team" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentcrops
Build a simple Python application using the agentcrops package to demonstrate its core features.