Package Metadata

Author: Sovereign AI Security Labs
Email: —
PyPI: sentraguard-sdk
Python: >=3.9
Versions: 1 release
First release: 05 Jun 2026, 06:35 UTC
Analysed: 05 Jun 2026, 07:31 UTC
Source files: 33 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.9Topic :: Security

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk due to its newness and lack of historical contributions, despite showing no immediate malicious activities such as shell execution or credential harvesting.

Metadata risk due to newness and lack of historical contributions
No immediate malicious activities detected

Per-check LLM notes

Network: The use of httpx.Client and httpx.AsyncClient suggests the package makes network calls, which is common for SDKs but should be reviewed to ensure legitimacy of endpoints.
Shell: No shell execution patterns detected, indicating low risk of executing arbitrary commands.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The repository and package show signs of being newly created and lack a history of contributions or releases, indicating potential risk.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

self._client = client or httpx.Client(timeout=timeout) self._owns_client = client is None
self._client = client or httpx.AsyncClient(timeout=timeout) self._owns_client = client is None

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 7.5

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T06:07:34Z)

Repository created very recently: 0 day(s) ago (2026-06-05T06:07:34Z)
Single contributor with only 3 commit(s) — possibly throwaway account
All 3 commits happened within 24 hours

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T06:35:28.000Z)
Author "Sovereign AI Security Labs" appears to have only 1 package on PyPI (new or inactive account)