🤖 AI Analysis

Final verdict: MALICIOUS

The package exhibits multiple red flags including high risks associated with shell execution, obfuscation techniques, and credential harvesting. These factors strongly suggest malicious intent.

High shell risk due to uncontrolled system command execution
Obfuscation used to hide potentially harmful logic
Suspicious behavior in attempting to retrieve user API keys

Per-check LLM notes

Network: The network calls seem to be making requests to external URLs which could potentially be for legitimate purposes like version checking or updates, but without more context, there's some concern.
Shell: Executing system commands via subprocess.run can be risky if not properly controlled, especially when interacting with Git and GitHub actions. This might indicate the package performs automated tasks, but it also raises concerns about potential misuse.
Obfuscation: The code uses base64 decoding within a try-except block which may indicate an attempt to hide logic or evade simple analysis.
Credentials: The code attempts to retrieve a user's API key via the console, which is highly suspicious and likely intended for credential harvesting.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

1 test file(s) detected (e.g. test_suite.py)

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (15088 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Type checker (mypy / pyright / pytype) referenced in project
642 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

2 unique contributor(s) across 100 commits in psfr4590-afk/ANARCHY
Two distinct contributors found

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

ises on failure.""" req = urllib.request.Request(url, headers={"User-Agent": "ANARCHY-skill-installer
ill-installer/1.0"}) with urllib.request.urlopen(req, timeout=timeout) as resp: raw = resp.re
try: req = urllib.request.Request( url, headers={"User
) with urllib.request.urlopen(req, timeout=timeout): latency = (ti
te(kwargs) resp = requests.post( f"{self.base_url}/chat/completions",
port requests r = requests.get( f"{self.base_url}/models",

⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

ion: pass try: return base64.b64decode(token.encode()).decode() except Exception: return to
{"app": app} result = eval(expr, _ns) print(f"[eval] => {result}\n") except

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

sys try: subprocess.run( [sys.executable, "-m", "spacy", "download",
dout+stderr).""" result = subprocess.run( ["git", *args], capture_output=True, text=True, cwd
nch}" pr_result = subprocess.run( ["gh", "pr", "create", "--title", title, "-
th(override) result = subprocess.run( ["git", "rev-parse", "--show-toplevel"], captur
try: result = subprocess.run( [cmd[0], "--version"], capture_output=True,
r, Any]] = [] proc = subprocess.Popen( cmd, stdin=subprocess.PIPE, stdout=subprocess.P

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

ss try: api_key = getpass.getpass(f" Paste your {key_name}: ").strip() except (KeyboardIn

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository psfr4590-afk/ANARCHY appears legitimate

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.