AI Analysis
Final verdict: SAFE
The package has minimal risks across all categories and does not show any signs of malicious activity or supply-chain attacks.
- Low network and shell risks suggest legitimate functionality.
- No evidence of obfuscation or credential harvesting.
Per-check LLM notes
- Network: The network call appears to be fetching data from Wikipedia which is likely for legitimate purposes like retrieving stock ticker symbols.
- Shell: The use of 'subprocess.run' with Git suggests the package may be performing version control operations, possibly for internal setup or dependency management.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows low maintenance and metadata quality, but there's no clear indication of malicious intent.
Package Quality Overall: Low (3.6/10)
✦ High
Test Suite
9.0
Test suite present — 7 test file(s) found
Test runner config found: pyproject.toml
7 test file(s) detected (e.g. test_mcp_results_sync.py)
○ Low
Documentation
1.0
No documentation detected
No documentation URL, doc files, or meaningful description found
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
130 type-annotated function signatures detected in source
○ Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
) -> list[str]: request = urllib.request.Request( SP500_WIKIPEDIA_URL, headers={"Usertry: with urllib.request.urlopen(request, timeout=30) as response: htponse() with mock.patch("urllib.request.urlopen", fake_urlopen): tickers = fetch_sp500_ticke
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
talled first try: subprocess.run(["git", "--version"], check=True, capture_output=True, timeo
pletedProcess: return subprocess.run( ["git", "-C", str(target_dir), *args],
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with agentstockbenchmark
Create a financial analysis tool using Python's 'agentstockbenchmark' package. This tool will enable users to simulate and evaluate different investment strategies based on historical stock data. The application should allow users to input a set of stocks they are interested in, select a time period, and then choose from various predefined investment strategies (e.g., equal weight, market cap weighted, momentum-based). The app should then use 'agentstockbenchmark' to rank these stocks according to their performance metrics over the selected period and generate a benchmark report comparing the chosen strategy against a passive index fund like the S&P 500. Additionally, include a feature where users can adjust weights manually and see how it impacts the portfolio's performance. Finally, provide visualizations of the results using libraries such as Matplotlib or Plotly to make the data more accessible. Utilize 'agentstockbenchmark' for its ranking and benchmarking capabilities to ensure accuracy and depth in the analysis.