AI Analysis
Final verdict: SUSPICIOUS
The package nltfile v1.0.30 has been assessed with a moderate risk score due to its metadata indicating low maintainer engagement, which raises concerns about its long-term support and security updates.
- Low maintainer engagement as indicated by the metadata.
- No significant risks detected in terms of network calls, shell executions, or obfuscation.
Per-check LLM notes
- Network: No network calls suggest the package does not engage in unexpected external communications.
- Shell: No shell executions indicate the package is not executing system commands that could be exploited.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows several low-effort indicators and lacks basic maintainer engagement.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
score 3.0
Suspicious email domain flags: Very short email domain: qq.com>
Very short email domain: qq.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 8.0
4 maintainer concern(s) found
Package uploaded less than 24 hours ago (2026-06-05T09:17:28.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)