AI Analysis
Final verdict: SUSPICIOUS
The package shows signs of potential malicious intent due to a newly created account and missing repository, despite having low risks in terms of network calls, shell execution, obfuscation, and credential harvesting.
- newly created account
- missing repository
Per-check LLM notes
- Network: No network calls detected, which is normal for a typical qrcode generation library.
- Shell: No shell execution detected, indicating the package does not attempt to execute arbitrary commands.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows several red flags including a newly created account with low metadata quality and a missing repository.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
score 3.0
Suspicious email domain flags: Very short email domain: qq.com>
Very short email domain: qq.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 3.0
Repository not found (deleted or private)
Repository not found (deleted or private)
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T08:43:21.000Z)Author "SoftGod4MrLi" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)