AI Analysis
Final verdict: SUSPICIOUS
The package has a relatively low risk profile except for its metadata, which raises suspicion due to its recent creation and limited information. Further investigation is recommended.
- Metadata risk due to new package with limited information
- Potential supply-chain attack concerns
Per-check LLM notes
- Network: Network calls using httpx are common for packages needing to fetch external resources or communicate with services.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
- Credentials: No credential harvesting patterns detected, indicating low risk of malicious activity.
- Metadata: The package is newly created with limited information, raising suspicion of potential malicious intent.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
try: async with httpx.AsyncClient(timeout=_DISCOVERY_TIMEOUT_SECONDS) as client:try: async with httpx.AsyncClient(timeout=_QUERY_TIMEOUT_SECONDS) as client:rue}} async with httpx.AsyncClient(timeout=_DISCOVERY_TIMEOUT_SECONDS) as client:ers() async with httpx.AsyncClient(timeout=_DISCOVERY_TIMEOUT_SECONDS) as client:
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: bipixie.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T03:20:09.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)