Package Metadata

Author: —
Email: —
PyPI: ripple-impact-mcp
Python: >=3.10
Versions: 1 release
First release: 05 Jun 2026, 08:34 UTC
Analysed: 05 Jun 2026, 08:51 UTC
Source files: 10 .py files scanned

Project Links

Classifiers

Development Status :: 5 - Production/StableIntended Audience :: DevelopersProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Topic :: Scientific/Engineering :: Artificial IntelligenceTopic :: Software Development :: LibrariesTopic :: Software Development :: Libraries :: Python Modules

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some red flags such as recent repository creation, a single version release, and minimal author details, raising concerns about its legitimacy and potential for supply-chain attacks.

Recent repository creation and single version release suggest the package may be new or unvetted.
Minimal author details increase suspicion regarding the authenticity of the package.

Per-check LLM notes

Network: No network calls detected, which is normal and does not indicate any risk.
Shell: Subprocess execution is observed but appears to be for version checks and command execution with timeouts, suggesting legitimate functionality rather than malicious activity.
Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
Credentials: No credential harvesting patterns detected, indicating low risk of credential theft.
Metadata: The package shows several red flags including recent repository creation, single version release, and an author with minimal details.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

one: try: subprocess.run(["rg", "--version"], capture_output=True, timeout=3)
h]) try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=60) except
th] try: result = subprocess.run(cmd, capture_output=True, text=True, timeout=60) except

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository created very recently: 3 day(s) ago (2026-06-02T07:57:26Z)

Repository created very recently: 3 day(s) ago (2026-06-02T07:57:26Z)

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T08:34:57.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)