AI Analysis
Final verdict: SUSPICIOUS
The package exhibits signs of potential typosquatting and has low maintainer activity, raising concerns about its legitimacy and security.
- Potential typosquatting targeting 'arq'
- Low maintainer activity
Per-check LLM notes
- Network: No network calls detected, which is normal if the package does not require internet access.
- Shell: No shell execution patterns detected, indicating no direct system command execution attempts.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows several red flags including a very recent repository creation, low maintainer activity, and potential typosquatting.
- ⚠ Typosquatting target: arq
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
score 3.0
Possible typosquat of: arq
"ardiq" is 2 edit(s) from "arq"
Registered Email Domain
Email domain looks legitimate: proton.me>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 5.0
Git history flags: Repository created very recently: 6 day(s) ago (2026-05-29T12:43:01Z)
Repository created very recently: 6 day(s) ago (2026-05-29T12:43:01Z)Repository has zero stars and zero forks
Maintainer History
score 6.0
3 maintainer concern(s) found
Package uploaded less than 24 hours ago (2026-06-04T23:01:27.000Z)Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)