AI Analysis
Final verdict: SUSPICIOUS
The package shows low risks in terms of network, shell, and obfuscation activities but has a high metadata risk due to recent upload, lack of maintainer history, and potential typosquatting.
- High metadata risk
- Potential typosquatting
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package requires internet access for its functionality.
- Shell: No shell execution patterns detected, indicating no immediate signs of malicious activity.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
- Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
- Metadata: High risk due to recent upload, lack of maintainer history, and potential typosquatting.
- ⚠ Typosquatting target: babel
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
score 3.0
Possible typosquat of: babel
"tlabel" is 2 edit(s) from "babel"
Registered Email Domain
Email domain looks legitimate: touchlabelai.cn>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 8.0
4 maintainer concern(s) found
Only one version has ever been released — brand new packagePackage uploaded less than 24 hours ago (2026-06-05T09:09:15.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)