stegmark

v1.0.3 suspicious
5.0
Medium Risk

Universal steganographic analysis — statistical, forensic, and neural watermark detection

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate risks associated with obfuscation and metadata, suggesting potential hidden functionality or lack of transparency. While there are no immediate signs of malicious activities like network or shell risks, the high metadata risk warrants further investigation.

  • Obfuscation risk of 4/10
  • Metadata risk of 7/10

Per-check LLM notes

  • Network: The package downloads files from external URLs which could be legitimate if the sources are trusted and the purpose is documented.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The code shows signs of obfuscation which may indicate an attempt to hide the functionality or make reverse engineering harder, but it could also be part of a normal implementation in machine learning models.
  • Credentials: No clear patterns indicating credential harvesting were detected.
  • Metadata: High risk due to recent upload, single version, and lack of maintainer information.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • weights (~25MB)...") urllib.request.urlretrieve(STABLE_SIG_WEIGHTS_URL, STABLE_SIG_CACHE)
  • rb") as f: resp = requests.post( f"{MODAL_URL}/predict", fil

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • map_location="cpu") model.eval() return model def detect_stable_signature(image_path:
  • "model_state"]) model.eval() transform = transforms.Compose([ tran

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T06:06:32.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)