Package Metadata

Author: Natilah Technologies
Email: —
PyPI: natilah-smre
Python: >=3.9
Versions: 1 release
First release: 05 Jun 2026, 09:00 UTC
Analysed: 05 Jun 2026, 09:05 UTC
Source files: 9 .py files scanned

Project Links

Bug Tracker Documentation Homepage Repository

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersIntended Audience :: Science/ResearchLicense :: OSI Approved :: Apache Software LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.9Topic :: Scientific/Engineering :: Artificial Intelligence

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high levels of network and obfuscation risks alongside significant metadata anomalies, indicating potential malicious intent or a supply-chain attack. Further investigation is warranted.

High network risk
Significant obfuscation
Suspicious metadata

Per-check LLM notes

Network: The observed network calls suggest the package is communicating with an external API which could be used for data exfiltration or other unauthorized activities.
Shell: No shell execution patterns were detected.
Obfuscation: The code snippet shows signs of obfuscation which may indicate an attempt to hide functionality, raising suspicion.
Credentials: No clear patterns of credential harvesting were detected.
Metadata: Highly suspicious activity indicates potential malicious intent or supply-chain attack.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

r {}}).encode() req = urllib.request.Request( f"{_API_BASE}/api/smre/events",
hod="POST", ) urllib.request.urlopen(req, timeout=3) except Exception: pass
on as _json req = urllib.request.Request( f"{_API_BASE}/api/smre/me",
data = _json.loads(urllib.request.urlopen(req, timeout=8).read()) print(f" custom

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

cted={unexpected}") model.eval() ids = _load_wikitext_ids(model_dir, max_tokens) n

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 10.0

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T08:50:46Z)

Repository created very recently: 0 day(s) ago (2026-06-05T08:50:46Z)
Repository appears empty (size = 0)
Single contributor with only 3 commit(s) — possibly throwaway account
All 3 commits happened within 24 hours

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T09:00:07.000Z)
Author "Natilah Technologies" appears to have only 1 package on PyPI (new or inactive account)