AI Analysis
Final verdict: SUSPICIOUS
The package shows some suspicious signs, particularly regarding metadata and network usage, though there is no clear evidence of malicious intent or activity.
- Suspicious non-HTTPS link and missing maintainer information
- Potential network-related risks that require further investigation
Per-check LLM notes
- Network: The presence of network calls is common and could be for legitimate purposes like fetching remote resources, but requires further investigation to ensure it's not used for unauthorized activities.
- Shell: No shell execution patterns were detected, which is normal and expected.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: Suspicious non-HTTPS link and missing maintainer information suggest potential risk.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
s _local_client = httpx.Client(timeout=httpx.Timeout( connect=60.0,
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://MACHINE_A_IP:11434/v1
Git Repository History
score 3.0
Repository not found (deleted or private)
Repository not found (deleted or private)
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentic-rag-core
Build a simple Python application using the agentic-rag-core package to demonstrate its core features.