hartrace

v0.1.0 suspicious
6.0
Medium Risk

An MCP server for HTTP traffic analysis with value provenance tracing — token-efficient HAR inspection for AI agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and has very little community engagement or history, raising concerns about its legitimacy and potential use in a supply-chain attack.

  • High obfuscation risk
  • Minimal repository activity and a single contributor
Per-check LLM notes
  • Network: The network call pattern suggests the package may be fetching data from an internal address, which could be legitimate if documented and used for intended functionality.
  • Shell: No shell execution patterns were detected, indicating low risk for direct system command execution.
  • Obfuscation: The presence of base64 decoding and zlib decompression suggests possible obfuscation of code, which could be used to hide malicious activities.
  • Credentials: No clear patterns indicating direct harvesting of credentials were found, but obfuscated code may contain hidden risks.
  • Metadata: The repository and package are extremely new, with minimal activity and a single contributor, raising suspicion of potential malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • /internal address"} req = urllib.request.Request(url, headers={"User-Agent": "har-mcp/0.1"}) try:
  • /0.1"}) try: with urllib.request.urlopen(req, timeout=URL_FETCH_TIMEOUT) as resp:
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • = "base64": raw = base64.b64decode(text, validate=False) else: raw = text.e
  • try: return zlib.decompress(raw) except zlib.error: return z
  • error: return zlib.decompress(raw, -zlib.MAX_WBITS) except (OSError, zlib.error):
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 10.0

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T01:48:14Z)

  • Repository created very recently: 0 day(s) ago (2026-06-05T01:48:14Z)
  • Repository appears empty (size = 0)
  • Very few commits: 2 total
  • Single contributor with only 2 commit(s) — possibly throwaway account
Maintainer History score 10.0

5 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T02:14:19.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)