opensignalbox-common

v0.1.0 suspicious
6.0
Medium Risk

The common library module for the opensignalbox simulation framework.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to its potential for executing shell commands and interacting with external services, despite having no clear signs of obfuscation or credential theft. Its metadata suggests a lack of transparency and a potential new threat.

  • High shell risk
  • Potential network interactions
  • Lack of maintainer information
  • Single version release
Per-check LLM notes
  • Network: Network calls to an external address may indicate data transmission but could also be legitimate if the package requires interaction with a remote service.
  • Shell: Executing shell commands can pose a high risk as it allows for arbitrary command execution, which might be used maliciously.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is highly suspicious due to the recent upload, single version release, and lack of maintainer information.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • lf): try: requests.put( self.module_info.framework_address + "api/b
  • endency): ajax_response = requests.get( framework_address + "api/box/shared-variables",
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • on, requirement) result = subprocess.run( pip_args, cwd=str(module_directory),
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: opensignalbox.org>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T06:54:17.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)