outfitter-dispatch

v0.1.0 suspicious
6.0
Medium Risk

Local control plane for orchestrating Codex agent lanes over the Codex App Server.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows elevated risks due to potential shell execution and concerns about its metadata, including recent creation and lack of maintainer history. These factors collectively suggest a need for caution.

  • Elevated shell risk
  • Suspicious metadata

Per-check LLM notes

  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: Detected shell execution patterns may indicate potential for executing arbitrary commands, suggesting elevated risk for potential exploitation or malicious activities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
  • Metadata: The recent creation of the repository and package, coupled with the lack of maintainer history and author details, raises suspicion.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • sys.argv) > 1 else "/tmp" p = subprocess.Popen(["codex", "app-server", "--listen", "stdio://"], stdin=s
  • sys.argv) > 1 else "/tmp" p = subprocess.Popen(["codex","app-server","--listen","stdio://"],stdin=subproces
  • "user" def sh(c, cwd): return subprocess.run(c, cwd=cwd, capture_output=True, text=True) def new_repo():
  • o, "reviewer:", REVIEWER) p = subprocess.Popen(["codex","app-server","--listen","stdio://"],stdin=subproces
  • async def main(): srv = subprocess.Popen(["codex","app-server","--listen",URL],stdout=subprocess.PIPE
  • async def main(): srv = subprocess.Popen(["codex", "app-server", "--listen", URL.replace("ws://", "ws

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: outfitter.dev

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags:

  • Repository created very recently: 2 day(s) ago (2026-06-02T20:03:49Z)

Maintainer History score 10.0

5 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T02:06:52.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)