win11-release-guard

v0.3.0 suspicious
6.0
Medium Risk

Windows 11 broad-fleet release compliance guard.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple concerning behaviors, particularly in its use of shell commands and obfuscation techniques, indicating potential risks. However, there is no concrete evidence of malicious intent.

  • High shell risk due to system-modifying commands
  • Moderate obfuscation risk with base64 encoding

Per-check LLM notes
  • Network: The network calls appear to be fetching license information or similar, which could be legitimate but warrants further investigation.
  • Shell: The shell executions include commands that interact with system utilities like git, dism, and powershell, which can modify the system state. This is concerning and may indicate unauthorized system changes.
  • Obfuscation: The code uses base64 decoding for keys which could be an attempt to obscure the actual usage or hide sensitive information.
  • Credentials: No direct evidence of credential harvesting is present; however, caution should be exercised around handling of encoded keys.
  • Metadata: The package shows several red flags including low activity, lack of community support, and minimal metadata effort, suggesting potential risk.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • licFetchResult: request = urllib.request.Request( url, headers={ "User-Ag
  • , ) try: with urllib.request.urlopen(request, timeout=timeout) as response: h
  • YTES, ) -> str: request = urllib.request.Request( url, headers={ "User-Ag
  • l", }, ) with urllib.request.urlopen(request, timeout=timeout) as response: chars
  • YTES) -> bytes: request = urllib.request.Request( url, headers={ "User-Ag
  • l", }, ) with urllib.request.urlopen(request, timeout=timeout) as response: retur

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • y.from_private_bytes( base64.b64decode(private_key_b64) ) public_key = private_key.public_k
  • n raw try: return base64.b64decode(raw, validate=True) except binascii.Error: retur
  • pass try: return base64.b64decode(normalized, validate=True) except binascii.Error:

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • return result = subprocess.run( ["git", "-c", "safe.directory=*", "ls-files", "*han
  • s."]} try: proc = subprocess.run( DISM_PACKAGES_COMMAND, capture_outp
  • ) try: proc = subprocess.run( ["powershell.exe", "-NoProfile", "-NonInteracti
  • None: try: proc = subprocess.run( ["dism.exe", "/Online", "/Get-CurrentEdition"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T05:19:41.000Z)
  • Author "Mikail ("Avnsx") C." appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)