AI Analysis
Final verdict: SUSPICIOUS
The package shows minimal direct risk indicators like network and shell risks. However, the metadata risk due to the maintainer's profile raises concerns about its provenance and trustworthiness.
- Low network and shell risks
- Maintainer with a potentially low-trust account
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package requires external services.
- Shell: No shell execution patterns detected, indicating no immediate signs of malicious activities.
- Metadata: The maintainer has a new or inactive account and lacks a full author name, indicating potential low trustworthiness.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository jwwelbor/AgentMap appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentmap
Build a simple Python application using the agentmap package to demonstrate its core features.