Package Metadata

Author: —
Email: Victor Marin <[email protected]>
PyPI: rubam
Python: >=3.8
Versions: 1 release
First release: 05 Jun 2026, 09:03 UTC
Analysed: 05 Jun 2026, 09:06 UTC
Source files: 42 .py files scanned

Project Links

Classifiers

Operating System :: MacOSOperating System :: Microsoft :: WindowsOperating System :: POSIX :: LinuxProgramming Language :: PythonProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Programming Language :: Python :: 3.8Programming Language :: Python :: 3.9

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risks in terms of network calls, shell executions, obfuscation, and credential handling. However, the metadata risk score is high due to the recent creation of the repository and lack of maintainer history, which raises concerns about its legitimacy.

High metadata risk due to recent repository creation
Lack of maintainer history

Per-check LLM notes

Network: No network calls detected, which is normal.
Shell: Shell execution is present but appears to be related to file operations and command-line utilities, which could be legitimate depending on the package's functionality.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The recent creation of the repository and package, along with the lack of maintainer history, indicates potential risk.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

me_out, "wb") as out: subprocess.run(cmd, stdout=out, check=True) def tabix_index(filename, pre
cmd.append(str(filename)) subprocess.run(cmd, check=True) def tabix_iterator(infile, parser=None):
catch_stdout: proc = subprocess.run(argv, capture_output=True, check=False) if check and
dout else: proc = subprocess.run(argv, check=False) if check and proc.returncode != 0
...] = tuple( subprocess.check_output([self._tabix, "-l", self._path],
lf for fetch). proc = subprocess.Popen( [self._tabix, self._path, region],

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository created very recently: 2 day(s) ago (2026-06-03T15:47:21Z)

Repository created very recently: 2 day(s) ago (2026-06-03T15:47:21Z)
Repository has zero stars and zero forks

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T09:03:29.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)