AI Analysis
Final verdict: SUSPICIOUS
The package has a moderate risk score due to its metadata indicating recent creation and incomplete author information, which raises suspicion about its legitimacy and maintainership.
- recently created
- incomplete author information
Per-check LLM notes
- Network: The detected network patterns are typical for a client that communicates with an API using HTTP/HTTPS requests.
- Shell: No shell execution patterns were detected, which is expected and safe.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package is suspicious due to its recent creation, lack of maintainer history, and incomplete author information.
Heuristic Checks
Outbound Network Calls
score 7.5
Found 5 network call pattern(s)
e: self._client = httpx.Client( base_url=self._base_url, cocontext manager for internal httpx.Client (see httpx docs)""" self.get_httpx_client().__exit__(self._async_client = httpx.AsyncClient( base_url=self._base_url, coontext manager for underlying httpx.AsyncClient (see httpx docs)""" await self.get_async_httpx_client) self._client = httpx.Client( base_url=self._base_url, co
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: terradue.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
GitHub API error: 403
GitHub API error: 403
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T07:30:37.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)