preship

v0.1.0 suspicious
6.0
Medium Risk

Preship: a pre-release diagnostic CLI that fuzzes a FastAPI staging URL and reports the inputs that break it, along with per-pattern AI fix prompts.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple concerning behaviors including high shell execution risk and moderate network and obfuscation risks. Its novelty and lack of development effort raise additional suspicions.

  • High shell risk
  • Moderate network risk
  • Signs of low-effort development

Per-check LLM notes
  • Network: The package makes network requests which could be legitimate, but requires further investigation to ensure they are not being used for unauthorized data transmission.
  • Shell: Executing shell commands can be risky if not properly sanitized or intended for malicious purposes, suggesting potential for code injection or unintended behavior.
  • Obfuscation: The use of base64 decoding suggests some level of obfuscation, but it could also be a legitimate part of the package's functionality.
  • Credentials: No clear evidence of credential harvesting patterns detected.
  • Metadata: The package is very new and shows signs of low effort, raising suspicion of potential malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • eader). """ request = urllib.request.Request(_schema_url(url)) for name, value in _parse_head
  • _header(name, value) with urllib.request.urlopen(request, timeout=30) as response: # noqa: S310 (user
  • _KNOWN_PATH request = urllib.request.Request(probe_url) for name, value in _parse_headers
  • try: with urllib.request.urlopen(request, timeout=10) as response: # noqa: S310 (user

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: return base64.b64decode(blob["$base64"]).decode("utf-8", "replace") except E

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • It is an absolute path, so behavior is unchanged. proc = subprocess.run(cmd, capture_output=True, text=True, cwd=tmp) # sche

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T07:26:50.000Z)
  • Author "Preship" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)