AI Analysis
Final verdict: SAFE
The package appears to be designed for legitimate purposes, fetching and processing logos from websites. With low scores for both network and shell risks, there's no strong indication of malicious intent or supply-chain attack.
- Low network risk suggests legitimate external data fetching.
- No shell execution detected.
Per-check LLM notes
- Network: The observed network calls may be legitimate if the package is designed to fetch data from external sources like logos or other resources.
- Shell: No shell execution patterns detected, suggesting low risk in this area.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
- cons = [] async with httpx.AsyncClient( headers=LogoHunter.DEFAULT_HEADERS, timeout=30.
- turn None async with httpx.AsyncClient( headers=LogoHunter.DEFAULT_HEADERS, timeout=30.
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: koodaamo.fi
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Maintainer History
score 6.0
3 maintainer concern(s) found
- Only one version has ever been released — brand new package
- Package uploaded less than 24 hours ago (2026-06-05T08:32:20.000Z)
- Author "Petri Savolainen" appears to have only 1 package on PyPI (new or inactive account)