AI Analysis
Final verdict: SUSPICIOUS
The package is flagged due to its recent upload time, lack of a verified development history, and potential network risks. These factors suggest possible supply-chain concerns.
- Non-existent git repository
- New and potentially inactive maintainer
- Recent upload time
- Potential unauthorized network activity
Per-check LLM notes
- Network: The package makes network calls which could be legitimate for registration, resolving addresses, and querying data, but requires further investigation to ensure there's no unauthorized data exchange.
- Shell: No shell execution patterns detected.
- Metadata: The package shows several red flags including a non-existent git repository, a new and potentially inactive maintainer, and was uploaded less than 24 hours ago.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
L_INDEX) -> dict: r = httpx.post(f"{index_url}/register", json={ "address": self.to agent details.""" r = httpx.get(f"{index_url}/resolve", params={"address": address}) retk, v in axes.items()} r = httpx.get(f"{index_url}/query", params=params) return r.json().get
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gtll.co>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
Repository not found (deleted or private)
Repository not found (deleted or private)
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T08:51:19.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)