Package Metadata

Author: —
Email: Marco Lux <[email protected]>
PyPI: axross
Python: >=3.10
Versions: 1 release
First release: 07 May 2026, 16:57 UTC
Analysed: 08 Jun 2026, 16:34 UTC
Source files: 63 .py files scanned

Project Links

Documentation Homepage Issues Repository

Classifiers

Development Status :: 4 - BetaEnvironment :: X11 Applications :: QtIntended Audience :: End Users/DesktopIntended Audience :: System AdministratorsOperating System :: MacOSOperating System :: Microsoft :: WindowsOperating System :: POSIX :: LinuxProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.10

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple suspicious behaviors including potential shell execution, obfuscation techniques, and signs of improper credential handling. These factors, combined with metadata inconsistencies, suggest a high likelihood of malicious intent.

Shell execution risks
Potential credential harvesting
Metadata inconsistencies

Per-check LLM notes

Network: The presence of network calls suggests potential external communication which may be legitimate but requires further investigation to confirm its purpose and destination.
Shell: Detection of shell execution patterns indicates that the package could potentially execute arbitrary commands on the host system, which is highly suspicious and may indicate malicious intent.
Obfuscation: The presence of base64 and zlib decoding suggests data may be obfuscated, but it could also be legitimate for data storage or transmission purposes.
Credentials: The use of keyring and checks against absolute and path-traversal vulnerabilities indicates potential handling of sensitive information, which could be for legitimate purposes but also raises suspicion for credential harvesting.
Metadata: The package shows several red flags including a non-existent git repository, a single version release, and an author with limited or no history.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://github.com/c0decave/axross#readme
Detailed PyPI description (4132 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

951 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

GitHub API error: 404

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

makepasv() conn = socket.create_connection((host, port), self.timeout, ...) (if TLS) conn =
out) else: sock = socket.create_connection((host, port), timeout=timeout) if use_tls: ctx =
the timeout. """ with socket.create_connection((host, int(port)), timeout=timeout) as sock: sock.se
try: with socket.create_connection((host, int(port)),
""" try: with socket.create_connection((host, int(port)), timeout=timeout): return True
s not None else host with socket.create_connection((host, int(port)), timeout=timeout) as raw: raw.sett

⚠ Code Obfuscation score 10.0

Found 5 obfuscation pattern(s)

decoded_bytes = base64.b64decode(encoded) result.append(decoded_bytes.decode(
_root) data = base64.b64decode(content_b64, validate=True) with backend.ope
portable.""" try: __import__(import_probe) return True except ImportError: return
try: decoded = zlib.decompress(raw_compressed) except zlib.error: try:
ry: decoded = zlib.decompress(raw_compressed, -zlib.MAX_WBITS) except zlib.err

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

"C"} try: return subprocess.run( argv, input=stdin, capt
rt subprocess subprocess.run( cmd, capture_output=True, timeout=timeo
try: proc = subprocess.run( cmd, capture_output=True, text=True,
in", ] proc = subprocess.run(cmd, capture_output=True, text=True,
(util-linux)") proc = subprocess.run( [binary, "-J", "-O"], capture_outpu
_command(cmd)) return subprocess.run( cmd, check=check, captu

⚠ Credential Harvesting score 10.0

Found 6 credential access pattern(s)

import keyring return keyring.get_password(SERVICE_NAME, _entry_name(profile_name)) except Exceptio
`. An entry like ``../../../etc/passwd`` is refused and no files are written (the target dir is
on: * absolute paths (``/etc/passwd``, ``C:\\foo``) * path traversal (``..``) that escapes
cal case: ``/var/log/*`` or ``/etc/shadow``), this module dispatches the operation to ``pkexec`` so t
erver can't cause us to ``cat /etc/shadow``. * Path validation mirrors :mod:`core.previews`: no NUL b
ould ask to ``write_file("/etc/passwd")`` and the backend would happily obey because the path

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: undisclose.de>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

Repository not found (deleted or private)

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axross

Create a fully-functional mini-application named 'FileMixer' using the Python package 'axross'. FileMixer is designed to serve as a versatile file management tool that supports multiple protocols such as FTP, SFTP, and HTTP. The application should have a user-friendly interface built with PyQt6, allowing users to easily manage their files across different servers and local directories. Additionally, it should include a scripting surface where users can write scripts to automate common tasks like file transfers, renaming, and deletions. The application should also function as a MCP (Multi-Client Protocol) server, enabling remote control and automation of file operations through a network.

Step-by-step instructions:
1. Set up the environment: Ensure you have Python and the necessary dependencies installed, including the 'axross' package.
2. Design the UI: Use PyQt6 to create a clean and intuitive user interface. Include panels for managing local files, remote files via supported protocols, and a scripting area.
3. Implement file management features: Allow users to perform basic file operations such as copying, moving, renaming, and deleting both locally and remotely.
4. Integrate the scripting surface: Enable users to write scripts for automating file management tasks. Scripts should be executable within the application.
5. Develop MCP server functionality: Implement a feature that allows other clients to connect and control the file management actions on your 'FileMixer' instance.

Suggested Features:
- Support for drag-and-drop file transfer between local and remote directories.
- A history log of recent file operations for auditing purposes.
- A notification system for successful and failed operations.
- Customizable themes for the user interface.
- Integration with cloud storage services like Google Drive and Dropbox.

How to utilize 'axross':
- Utilize the 'axross' package to handle connections to remote servers using various protocols.
- Leverage its scripting capabilities to allow users to write and execute custom scripts directly within the application.
- Employ its MCP server functionality to enable remote control of file operations.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Low (4.6/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue