AI Analysis
Final verdict: SUSPICIOUS
The package shows minimal risks in terms of network, shell, obfuscation, and credential handling. However, its metadata raises concerns due to the lack of maintainer history and author details.
- Metadata risk due to lack of maintainer history and author details.
- Brand new package with no established trustworthiness.
Per-check LLM notes
- Network: The network call pattern is likely legitimate for fetching API data.
- Shell: No shell execution patterns detected, indicating low risk.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package is brand new with no maintainer history and lacks essential author details, raising suspicion.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
try: async with httpx.AsyncClient() as client: response = await client.get(API_URL
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: example.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 10.0
5 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T02:14:40.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)