🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some suspicious behavior due to its minimal metadata and lack of an associated GitHub repository, despite showing low risk in terms of network, shell, and obfuscation activities.

Minimal metadata and no associated GitHub repository
Newly created package

Per-check LLM notes

Network: The observed network patterns suggest the package is making HTTP requests to an endpoint, which could be legitimate if the package's functionality involves API calls or web services.
Shell: No shell execution patterns were detected.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The package is newly created with minimal information and no associated GitHub repository, raising suspicion.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

encode('utf-8') req = urllib.request.Request(self.endpoint, data=data, headers=headers, method="P
try: with urllib.request.urlopen(req) as response: result = json.load

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: anantalabs.app>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

No GitHub repository link found

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T08:33:56.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)