okxweb3-app-x402

v0.1.0 suspicious
6.0
Medium Risk

x402 Payment Protocol SDK for Python

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate level of risk due to its recent upload, low author activity, and potential obfuscation techniques, raising concerns about its legitimacy.

  • New package from an account with limited history
  • Use of base64 encoding suggesting possible code obfuscation

Per-check LLM notes

  • Network: The network call patterns suggest custom HTTP adapters and payment wrappers which may indicate unusual behavior not typical for the package name, potentially for API interactions or payment processing.
  • Shell: No shell execution patterns detected.
  • Obfuscation: The use of base64 encoding for decoding strings may indicate an attempt to obfuscate code, but it could also be a legitimate practice in some applications.
  • Credentials: No clear patterns indicative of credential harvesting have been detected.
  • Metadata: The package is new, authored by an account with limited history, and was uploaded very recently.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • chemes ... session = requests.Session() adapter = x402_http_adapter(x402) session.
  • ion = wrapRequestsWithPayment(requests.Session(), x402) response = session.get("https://api.example
  • RequestsWithPaymentFromConfig(requests.Session(), config) response = session.get("https://api.examp
  • ``` """ session = requests.Session() return wrapRequestsWithPayment(session, client, **adap
  • initialization return httpx.Client(timeout=self._timeout, follow_redirects=True) def _get_
  • self._http_client = httpx.AsyncClient(timeout=self._timeout, follow_redirects=True) return

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • string safely.""" return base64.b64decode(data.encode("utf-8")).decode("utf-8") def encode_payment_s

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository coinbase/x402 appears legitimate

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T09:06:05.000Z)
  • Author "Coinbase" appears to have only 1 package on PyPI (new or inactive account)