🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate metadata risks due to low maintainer activity and poor metadata quality. While there are no immediate threats from network, shell, or obfuscation risks, the metadata issues raise concerns about potential supply-chain attacks.

Moderate metadata risk due to poor metadata quality and low maintainer activity
No immediate threats detected in network, shell, or obfuscation checks

Per-check LLM notes

Network: Network calls are typical for packages that perform web requests, but further investigation is needed to ensure legitimacy of the URLs and purpose of the requests.
Shell: No shell execution patterns detected, which is normal and indicates no immediate risk from command execution.
Obfuscation: No obfuscation patterns detected, suggesting low risk of malicious intent.
Credentials: No credential harvesting patterns detected, indicating secure handling of sensitive information.
Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising suspicion.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

async with aiohttp.ClientSession() as session: async with session.get
try: async with aiohttp.ClientSession() as session: async with session.get(f"{repo
try: async with aiohttp.ClientSession() as session: async with session.get(url, ti
try: async with aiohttp.ClientSession() as session: async with session.get(dl, tim

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

⚠ Registered Email Domain score 3.0

Suspicious email domain flags: Very short email domain: qq.com>

Very short email domain: qq.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

Repository not found (deleted or private)

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Package has no PyPI classifiers (low effort / metadata quality)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ErisPulse-CYOA

构建一个名为 'StoryQuest' 的小型应用，该应用利用 'ErisPulse-CYOA' 包来实现一个基于 Ink 引擎的互动小说播放器。此应用应允许用户选择和阅读一系列预定义的故事线，并提供一个简单的用户界面来导航这些故事。此外，应用应支持富文本降级功能，以便在不支持富文本的设备上也能正常显示故事内容。

步骤1：安装 'ErisPulse-CYOA' 包并设置项目环境。
步骤2：创建一个故事数据库，包含多个故事线，每个故事线都有自己的情节、角色和结局。
步骤3：设计并实现一个用户友好的界面，包括故事列表展示、故事选择、进度保存等功能。
步骤4：集成富文本降级功能，确保故事在不同设备上的可读性。
步骤5：使用 'ErisPulse-CYOA' 提供的 Dashboard 功能监控应用运行状态和用户行为。

建议特性包括但不限于：
- 支持多语言的故事文本
- 用户个人档案系统，记录用户的阅读历史和偏好
- 社区分享功能，让用户可以分享他们的故事进展或结局
- 故事推荐算法，根据用户的阅读习惯推荐新故事