stock-gateway

v0.1.0 suspicious
6.0
Medium Risk

A-share data aggregation SDK with explicit gateway APIs.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is rated as suspicious due to its metadata characteristics and shell execution risks, which might indicate an attempt to manipulate or harm the system.

  • High shell risk due to potential for executing scripts
  • Lack of maintainer information and recent upload
Per-check LLM notes
  • Network: Network calls are standard for fetching stock data but need monitoring for potential misuse.
  • Shell: Executing scripts from the package may indicate an attempt to extend functionality, but it could also be used for malicious purposes like running arbitrary code.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is suspicious due to its recent upload, single version release, and lack of maintainer information.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • self.session = session or requests.Session() def get_kline(self, request): raise ProviderU
  • self.session = session or requests.Session() def get_announcements(self, request): code =
  • self.session = session or requests.Session() if hasattr(self.session, "headers"): s
  • self.session = session or requests.Session() def get_quote(self, request): symbols = ",".j
  • self.session = session or requests.Session() self.limiter = limiter or ThsHotRateLimiter()
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • rfaces_demo.py" result = subprocess.run([sys.executable, str(script), "--list"], cwd=root, capture_o
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 10.0

5 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T04:48:12.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)