helius-api

v1.0.0 suspicious
4.0
Medium Risk

A lightweight Helius RPC client in python for Solana that offers a variety of features including enhanced transaction history, token metadata, and more.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits low risks in terms of network, shell, obfuscation, and credential interactions but has a high metadata risk due to its novelty and lack of maintainer history, which raises concerns about potential malicious intent.

  • High metadata risk
  • Very new package with low maintainer history
Per-check LLM notes
  • Network: The network call pattern is expected for an API interaction with Helius services.
  • Shell: No shell execution patterns detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is very new with low metadata quality and limited maintainer history, raising suspicion of potential malintent.

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • try: response = requests.post( self.url, json=payload, headers=headers, timeou
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T05:52:06.000Z)
  • Author "rkohl" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)