opensignalbox

v0.1.1 suspicious
6.0
Medium Risk

The opensignalbox simulation framework.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks related to network and shell operations, which could potentially be exploited for malicious purposes. However, there's no direct evidence of malicious intent, such as obfuscation or credential harvesting.

  • High network risk due to potential unauthorized data transmission.
  • High shell risk due to potential execution of arbitrary commands.
Per-check LLM notes
  • Network: The network calls may indicate the package is fetching updates or data from a remote server, but without context, it could also suggest unauthorized data transmission.
  • Shell: Executing processes via subprocess.Popen can be legitimate, but it also poses a high risk as it might be used to run arbitrary commands, potentially leading to system compromise.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is newly created with limited information, and the git repository is not available, raising suspicion.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • response = requests.get( self.modules[instance_name].add
  • : ajax_response = requests.get( box.modules[module_name].address + "api/sha
  • try: return requests.head("http://" + address + "/api") except requests.except
  • hile True: response = requests.get("http://" + address + "/api/box") if response.json()
  • esent...") response = requests.put( "http://" + full_address + "/api/box", params={
  • tart enabled...") requests.put("http://" + full_address + "/api/systick/autostart")
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • le_processes[instance_name] = subprocess.Popen( # type: ignore args,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: opensignalbox.org>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T06:54:15.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)