plivo-mirror-v5

v0.5.0 suspicious
4.0
Medium Risk

Real-time firewall that verifies a voice agent's output against ground truth.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows potential network risks due to HTTP requests, though these may be legitimate. However, the metadata suggests a high risk with incomplete maintainer information and a recent single-version upload, raising suspicion.

  • network risk from HTTP requests
  • metadata risk due to incomplete maintainer info and recent single-version upload
Per-check LLM notes
  • Network: Network calls suggest the package is making HTTP requests which could be for legitimate purposes like API interactions but warrant further investigation to ensure no unauthorized data transfer.
  • Shell: No shell execution patterns detected, indicating low risk of direct system command abuse.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: High risk due to recent upload, single version, and incomplete maintainer information.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ist[Utterance]: req = urllib.request.Request( self.URL, data=path.read_by
  • POST", ) with urllib.request.urlopen(req, timeout=120) as resp: payload = jso
  • try: req = urllib.request.Request( url, data=json.dumps(payload).encod
  • plication/json"}) urllib.request.urlopen(req, timeout=5) # noqa: S310 except Excepti
  • config" try: with urllib.request.urlopen(url, timeout=timeout) as resp: # noqa: S310
  • = self.api_key req = urllib.request.Request( self.ingest_url, data=json.
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

GitHub API error: 403

  • GitHub API error: 403
Maintainer History score 10.0

5 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T06:29:27.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)