hirebase

v0.1.1 suspicious
4.0
Medium Risk

Official Python SDK for the Hirebase API (jobs & company data)

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk score primarily due to its metadata, which suggests it may be newly uploaded with limited maintainer history. However, other checks indicate low risks in terms of network usage, shell execution, and code obfuscation.

  • Metadata risk of 7/10 due to recent upload and lack of maintainer history
  • Network risk of 3/10, though common, requires further scrutiny of URLs and data exchange
Per-check LLM notes
  • Network: The package uses network calls to fetch resources which is common but should be reviewed for the legitimacy of URLs and data being exchanged.
  • Shell: No shell execution patterns detected, indicating low risk of direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret or credential theft.
  • Metadata: The package is suspicious due to its recent upload and lack of maintainer history.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • lean self._session = requests.Session() self._session.headers.update(self._settings.header
  • , exist_ok=True) with requests.get(url, stream=True, timeout=self._settings.timeout) as resp:
  • import requests with requests.get(url, stream=True, timeout=self._settings.timeout) as resp:
  • t httpx self._http = httpx.AsyncClient( base_url=self._settings.base_url, h
  • t_ok=True) async with httpx.AsyncClient(timeout=self._settings.timeout) as http: async w
  • ort httpx async with httpx.AsyncClient(timeout=self._settings.timeout) as http: async w
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: hirebase.org>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

GitHub API error: 403

  • GitHub API error: 403
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T06:40:51.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)