Package Metadata

Author: —
Email: Cameleon X <[email protected]>
PyPI: autoresearch-core
Python: >=3.11
Versions: 4 releases
First release: 03 Jun 2026, 16:05 UTC
Analysed: 08 Jun 2026, 02:04 UTC
Source files: 25 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Scientific/EngineeringTyping :: Typed

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows high risk due to potential credential harvesting attempts through file access and low metadata credibility due to lack of maintainer information and activity metrics.

Credential risk due to suspicious file access
Low metadata credibility with no maintainer information

Per-check LLM notes

Network: No network calls detected, which is normal unless the package requires internet access for its functionality.
Shell: No shell execution patterns detected, indicating the package does not execute system commands.
Obfuscation: No obfuscation patterns detected in the code snippet.
Credentials: The presence of paths like '../etc/passwd' and '/etc/passwd' suggests potential attempts to access sensitive files, indicating a risk of credential harvesting.
Metadata: The repository is new with no activity metrics and lacks maintainer details, raising suspicion.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 14 test file(s) found

Test runner config found: pyproject.toml
14 test file(s) detected (e.g. test_contract.py)

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (7535 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
45 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

1 unique contributor(s) across 37 commits in ca1773130n/autoresearch-core
Single author but highly active (37 commits)

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 5.0

Found 2 credential access pattern(s)

t_paths(): for bad in ("../etc/passwd", "/etc/passwd", ".git/config", "a/../../b", "C:\\x"):
for bad in ("../etc/passwd", "/etc/passwd", ".git/config", "a/../../b", "C:\\x"): errs = vali

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository created very recently: 4 day(s) ago (2026-06-03T15:55:54Z)

Repository created very recently: 4 day(s) ago (2026-06-03T15:55:54Z)
Repository has zero stars and zero forks

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autoresearch-core

Build a simple Python application using the autoresearch-core package to demonstrate its core features.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.0/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue