Package Metadata

Author: —
Email: Maciek <[email protected]>
PyPI: wyattmcph-claude-monitor
Python: >=3.9
Versions: 2 releases
First release: 05 Jun 2026, 03:27 UTC
Analysed: 05 Jun 2026, 03:45 UTC
Source files: 44 .py files scanned

Project Links

Discussions Release Notes changelog documentation homepage issues repository

Classifiers

Development Status :: 5 - Production/StableEnvironment :: ConsoleEnvironment :: Console :: CursesIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseOperating System :: MacOSOperating System :: OS IndependentOperating System :: POSIX :: LinuxProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: Only

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential malicious behavior, particularly due to its recent creation and incomplete metadata, along with the use of dynamic imports that could indicate obfuscation.

Recent package creation with incomplete metadata
Use of dynamic imports suggesting possible obfuscation

Per-check LLM notes

Network: No network calls detected, indicating low risk of data exfiltration or C2 communication.
Shell: The shell executions appear to be gathering system locale and time information, which may be benign but warrants further investigation into the package's purpose.
Obfuscation: The use of dynamic imports with error handling can be a sign of obfuscation, as it hides the actual dependencies until runtime.
Credentials: No clear signs of credential harvesting detected.
Metadata: The repository and package were created very recently, the author information is incomplete, and the maintainer has only one package on PyPI, indicating potential suspicious activity.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

try: __import__(module) except ImportError: missing_mod

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

ocess.CompletedProcess[str] = subprocess.run( ["defaults", "read", "NSGlobalDomain",
ocess.CompletedProcess[str] = subprocess.run( ["date", "+%r"], capture_output=True, t
ocess.CompletedProcess[str] = subprocess.run( ["locale", "LC_TIME"], capture_output=T
ocess.CompletedProcess[str] = subprocess.run( ["readlink", "/etc/localtime"],
ocess.CompletedProcess[str] = subprocess.run( ["timedatectl", "show", "-p", "Timezone
ocess.CompletedProcess[str] = subprocess.run( ["tzutil", "/g"], capture_output=True,

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: roboblog.eu>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T02:22:32Z)

Repository created very recently: 0 day(s) ago (2026-06-05T02:22:32Z)

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Package uploaded less than 24 hours ago (2026-06-05T03:27:12.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)