engrami

v0.3.0 suspicious
7.0
High Risk

Auditable, compression-driven memory infrastructure for AI agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential-access risk and moderate obfuscation indicators, which together raise significant suspicion. This is not conclusive evidence of malicious intent, but combined with the package's newness and a non-HTTPS external link it warrants caution.

  • High credential risk due to targeting of .pub and .aws/credentials files
  • Moderate obfuscation indicators: indexing/slicing and an __import__ call that takes its module name as a string
Per-check LLM notes
  • Network: The use of httpx for network calls is common for packages that need to fetch data from external sources.
  • Shell: No shell execution patterns detected.
  • Obfuscation: __import__ calls with string module names and slicing can be used to evade simple pattern-matching tools, but they also appear in legitimate code (the flagged call imports a constant module name), so this is a weak signal on its own.
  • Credentials: Patterns targeting .pub and .aws/credentials files suggest possible credential harvesting. The matched code is a list of compiled path regexes next to a SecurityDecision dataclass, so how that list is used should be confirmed by reading the source; rated high risk pending that review.
  • Metadata: The package is brand new with no release history, and its page contains a non-HTTPS external link, raising concerns about potential malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • import httpx resp = httpx.get(source, timeout=timeout, follow_redirects=True,
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • w[4] else __import__("datetime").datetime.fromisoformat(row[4]), payload
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • \.pub)?$"), re.compile(r"\.aws/credentials$"), ] @dataclass class SecurityDecision: """Outcome o
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://host:8765/mcp
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T03:59:13.000Z)
  • Author "Engrami Contributors" appears to have only 1 package on PyPI (new or inactive account)
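The checks listed above, reproduced as an added example (not code from the engrami package or from the scanner that produced this report) over constructed input so it runs offline: a naive pattern set of the kind that produced the hits above, a tighter __import__ check that separates the report's `__import__("datetime")` (a constant lazy import) from a module name built at runtime, the non-HTTPS link check, and the maintainer-history checks run over a record in the shape of PyPI's JSON API. Every regex, weight and sample record is this example's own assumption, and the additive score is illustrative; it does not reproduce the report's 7.0.

```python
"""Added example, not code from the engrami package or from the scanner that
produced this report: a minimal re-implementation of the source heuristics and
maintainer-history checks shown above, run over constructed input so it works
offline.  Every regex, weight and sample record here is this example's own
assumption."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample source.  It mirrors the shape of the three snippets the
# report flagged and adds one genuinely dynamic __import__ for contrast.
SAMPLE_SOURCE = r'''
import httpx
resp = httpx.get(source, timeout=timeout, follow_redirects=True)
ts = w[4] if w[4] else __import__("datetime").datetime.fromisoformat(row[4])
mod = __import__("".join(["o", "s"]))  # module name built at runtime
SENSITIVE = [re.compile(r"\.pub$"), re.compile(r"\.aws/credentials$")]
'''

# Naive per-check patterns in the style of the report's heuristics (assumed).
NAIVE_CHECKS = {
    "network": [re.compile(r"\b(?:httpx|requests)\.(?:get|post|request)\(")],
    "obfuscation": [re.compile(r"__import__\("),
                    re.compile(r"\b(?:exec|eval)\(.*b64decode")],
    "credentials": [re.compile(r"\.aws/credentials"), re.compile(r"\.ssh/id_"),
                    re.compile(r"\.pub\b"), re.compile(r"\.netrc\b")],
    "shell": [re.compile(r"\bsubprocess\.\w+\(|\bos\.system\(")],
}
WEIGHTS = {"network": 1.5, "obfuscation": 2.0, "credentials": 2.5, "shell": 3.0}

# Tighter check: an __import__ whose argument is NOT a plain string literal.
# __import__("datetime") is a constant lazy import and is deliberately not flagged.
DYNAMIC_IMPORT = re.compile(r"""__import__\(\s*(?!["'][A-Za-z_][\w.]*["']\s*\))""")


def scan_source(text, checks=NAIVE_CHECKS):
    """Return {check_name: [matching lines]}; a line counts once per check."""
    findings = {name: [] for name in checks}
    for line in text.splitlines():
        for name, patterns in checks.items():
            if any(p.search(line) for p in patterns):
                findings[name].append(line.strip())
    return findings


def dynamic_imports(text):
    """Lines with an __import__ whose module name is computed at runtime."""
    return [l.strip() for l in text.splitlines() if DYNAMIC_IMPORT.search(l)]


def score(findings, weights=WEIGHTS):
    """Illustrative additive score: one weight per check with any hit."""
    return sum(weights[name] for name, hits in findings.items() if hits)


def insecure_links(urls):
    """Page links served over plain HTTP."""
    return [u for u in urls if u.lower().startswith("http://")]


def _parse_iso(s):
    """ISO-8601 timestamp to an aware datetime; accepts a trailing 'Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def maintainer_concerns(meta, now):
    """Checks over a record shaped like PyPI's /pypi/<name>/json response.

    now: an aware datetime or an ISO-8601 string.
    """
    if isinstance(now, str):
        now = _parse_iso(now)
    concerns = []
    info, releases = meta.get("info", {}), meta.get("releases", {})
    if len(releases) == 1:
        concerns.append("Only one version has ever been released")
    uploads = [_parse_iso(f["upload_time_iso_8601"])
               for files in releases.values() for f in files]
    if uploads and now - max(uploads) < timedelta(hours=24):
        concerns.append("Package uploaded less than 24 hours ago")
    if not info.get("author_email"):
        concerns.append("No author email provided")
    if not any("github.com" in u for u in (info.get("project_urls") or {}).values()):
        concerns.append("No GitHub repository linked")
    return concerns


# Constructed metadata record mirroring the report's maintainer findings.
SAMPLE_META = {
    "info": {"author": "Example Contributors", "author_email": "",
             "project_urls": {"Homepage": "http://host:8765/mcp"}},
    "releases": {"0.3.0": [{"upload_time_iso_8601": "2026-06-05T03:59:13.000000Z"}]},
}

if __name__ == "__main__":
    hits = scan_source(SAMPLE_SOURCE)
    for name, lines in hits.items():
        print(f"{name}: {len(lines)} hit(s)")
    print("dynamic __import__:", dynamic_imports(SAMPLE_SOURCE))
    print("illustrative score:", score(hits))
    print("insecure links:", insecure_links(SAMPLE_META["info"]["project_urls"].values()))
    print(maintainer_concerns(SAMPLE_META, datetime.now(timezone.utc)))
```

Two things the pattern checks cannot settle, and which a reviewer must confirm by reading the package source: the naive obfuscation check fires on both __import__ lines while the tighter one fires only on the runtime-built module name, and the credential hit is a list of compiled path regexes, a shape shared by code that harvests such files and by code that refuses to ingest them.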