parosol-py

v0.1.3 suspicious
5.0
Medium Risk

Python package and API wrapper for the ParOSol micro-FE solver

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its shell execution activities and signs of low maintenance effort, raising concerns about potential supply-chain attacks.

  • Shell execution observed
  • Low effort in metadata
Per-check LLM notes
  • Network: No network calls detected, indicating low risk for data exfiltration or C2 communication.
  • Shell: Shell execution is observed but appears to be for SDK path retrieval and wheel building, which might be legitimate but warrants further investigation into the package's purpose.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
  • Metadata: The package shows signs of low effort and a new maintainer, increasing suspicion of potential malintent.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • "+ " + " ".join(command)) subprocess.run(command, check=True) if __name__ == "__main__": raise
  • "SDKROOT"): sdkroot = subprocess.run( ["xcrun", "--sdk", "macosx", "--show-sdk-path"]
  • t("+", " ".join(command)) subprocess.run(command, cwd=ROOT, env=env, check=True) def _single_wheel(
  • if stream: proc = subprocess.Popen( command, cwd=cwd, text=
  • nks) else: proc = subprocess.run( command, cwd=cwd, text=True, capture_output=Tru
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

GitHub API error: 403

  • GitHub API error: 403
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T04:35:13.000Z)
  • Author "Matthias Walle" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)