arcus-provider-runtime

v0.6.0 safe
4.0
Medium Risk

Content-extraction provider runtime for arcus — turn a URL or file into normalized markdown + structured metadata.

🤖 AI Analysis

Final verdict: SAFE

The package shows low risks in credential and obfuscation areas, with moderate concerns about network and shell command usage. There are no clear signs of malicious intent, despite the maintainer's inactivity.

  • Moderate network and shell risk due to potential external dependencies and command executions.
  • Low risk in credential harvesting and code obfuscation.
Per-check LLM notes
  • Network: The network calls appear to be for fetching resources or checking MIME types, which could be legitimate for runtime environments but might also indicate external dependency management.
  • Shell: Executing shell commands like 'nlm login --check' and other processes can be part of authentication or system checks, but it increases the risk of unauthorized access or command execution vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository's low activity and the maintainer's new/inactive status raise some concerns, but there is no clear evidence of malicious intent.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 23 test file(s) found

  • Test runner config found: conftest.py
  • 23 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • 3 documentation file(s) (e.g. docs.py)
  • Detailed PyPI description (1753 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 160 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 73 commits in polleoai/arcus
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • parse. try: req = urllib.request.Request( url, method='HEAD', headers
  • or)'}, ) with urllib.request.urlopen(req, timeout=timeout) as resp: mime = (r
  • gress("fetching") urllib.request.urlretrieve(url, str(tmp_path)) except (OSError, url
  • try: req = urllib.request.Request(short, headers={"User-Agent": "Mozilla/5.0"})
  • zilla/5.0"}) with urllib.request.urlopen(req, timeout=8) as r: final = r.url
  • ng") try: urllib.request.urlretrieve(raw, str(tmp_path)) except (OSError, url
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • .check_auth(). auth = subprocess.run(["nlm", "login", "--check"], capture_output=True) st
  • """ try: result = subprocess.run( cmd, capture_output=True, text=True, timeout=ti
  • elative URL. result = subprocess.run( ['node', html2md, '--url', url], input=html,
  • r, returncode).""" proc = subprocess.run( ["nlm", *args], capture_output=True,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: polleo.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arcus-provider-runtime
Create a mini-application called 'MarkdownMaster' that leverages the 'arcus-provider-runtime' Python package to convert web content and local files into normalized markdown and structured metadata. The application should have a user-friendly command-line interface where users can input either a URL or the path to a file. Upon submission, the app will process the content using the 'arcus-provider-runtime' package, extracting key information such as headings, images, links, and other relevant metadata. The output should be two files: one containing the normalized markdown and another with the structured metadata in JSON format.

Step 1: Set up the project environment by installing necessary packages including 'arcus-provider-runtime'.
Step 2: Develop a function to handle both URL and file inputs, ensuring robust error handling for invalid URLs or paths.
Step 3: Integrate 'arcus-provider-runtime' to process the content, extracting markdown and metadata.
Step 4: Implement functionality to save the extracted markdown and metadata into separate files named after the original input source.
Step 5: Add command-line arguments to allow users to specify whether they want to extract from a URL or file path.
Step 6: Test the application thoroughly with various types of content to ensure it works as expected across different scenarios.
Step 7: Enhance the application by adding features such as command-line options to customize the output format or structure of the markdown and metadata files.
