specgate-cli

v0.2.0 suspicious
4.0
Medium Risk

Turn a spec into a frozen acceptance harness enforced via Claude Code Stop hook.

🤖 AI Analysis

Final verdict: SUSPICIOUS

While the package shows low risks in terms of network usage, shell execution, obfuscation, and credential handling, the metadata risk is notably high due to the novelty and suspiciousness of the repository and author's profile.

  • Metadata risk score is 7 out of 10
  • Repository and author have limited history
Per-check LLM notes
  • Network: No network calls detected, which is normal and expected.
  • Shell: Shell execution is used for running tests and the main CLI command, which aligns with typical behavior for a CLI tool.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository and package are extremely new, with suspiciously few commits and an author with limited history, indicating potential risk.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • []) try: result = subprocess.run( cmd, capture_output=True,
  • try: proc = subprocess.run( [sys.executable, "-m", "pytest", abs_check,
  • .CompletedProcess: return subprocess.run( [sys.executable, "-m", "specgate.cli", *args],
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T03:08:58Z)

  • Repository created very recently: 0 day(s) ago (2026-06-05T03:08:58Z)
  • All 4 commits happened within 24 hours
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T04:51:29.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)