Package Metadata

Author: Amazon Web Services, Yuri Chamarelli
Email: AWSLabs MCP <[email protected]>
PyPI: awslabs.aws-iot-sitewise-mcp-server
Python: >=3.10
Versions: 19 releases
First release: 24 Sept 2025, 20:16 UTC
Analysed: 08 Jun 2026, 14:25 UTC
Source files: 31 .py files scanned

Project Links

changelog docs documentation homepage repository

Classifiers

License :: OSI Approved :: Apache Software LicenseOperating System :: OS IndependentProgramming Language :: PythonProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential credential harvesting, which significantly elevates its risk level despite having low scores in other categories. Further investigation is required.

High credential risk
Unusual absence of network calls

Per-check LLM notes

Network: Low risk as no network calls were detected; however, absence of network calls might be unusual if the package is intended to interact with AWS services.
Shell: Very low risk as shell execution was not detected.
Obfuscation: The observed pattern is commonly used for extending package paths and does not inherently indicate malicious intent.
Credentials: The detected pattern appears to be an attempt to execute a command that could potentially harvest system credentials, indicating high risk.
Metadata: The author has only one package, which might indicate a new or less active account, but no other suspicious flags are present.

📦 Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present — 19 test file(s) found

Test runner config found: conftest.py
Test runner config found: pyproject.toml
19 test file(s) detected (e.g. __init__.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "docs" -> https://awslabs.github.io/mcp/servers/aws-iot-sitewise-mcp-s
Detailed PyPI description (29000 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Type checker (mypy / pyright / pytype) referenced in project
59 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

42 unique contributor(s) across 100 commits in awslabs/mcp
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

amespace packages. __path__ = __import__('pkgutil').extend_path(__path__, __name__) # Copyright Amazon.com, In

✓ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

te_string_for_injection('`cat /etc/passwd`') with pytest.raises(ValidationError, match='comm

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository awslabs/mcp appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Amazon Web Services, Yuri Chamarelli" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with awslabs.aws-iot-sitewise-mcp-server

Build a simple Python application using the awslabs.aws-iot-sitewise-mcp-server package to demonstrate its core features.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (7.0/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue