AI Analysis
Final verdict: SAFE
The package shows minimal risk indicators and no direct evidence of malicious activity. However, its newness and lack of proper licensing metadata raise some concerns.
- Low network, shell, obfuscation, and credential risks.
- Metadata risk due to new package status and missing secure license link.
Per-check LLM notes
- Network: No network calls detected, which is normal for a package focused on Odoo module functionality without external service dependencies.
- Shell: No shell execution patterns detected, indicating the package does not execute system commands, which aligns with typical Python package behavior.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package is new, lacks a secure license link, and the maintainer has limited history with PyPI.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: odoo-community.org
Suspicious Page Links
score 2.0
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://www.gnu.org/licenses/agpl-3.0-standalone.html
Git Repository History
score 3.0
GitHub API error: 403
GitHub API error: 403
Maintainer History
score 6.0
3 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T06:42:28.000Z)Author "Solvos, Odoo Community Association (OCA)" appears to have only 1 package on PyPI (new or inactive account)