arkhe-db

v0.4.0 suspicious
5.0
Medium Risk

Database interfaces and advanced collections for Arkhe.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package arkhe-db v0.4.0 has several red flags regarding metadata, indicating low author engagement and newness, which raises suspicion. However, it does not exhibit any immediate signs of malicious activity.

  • Metadata risk score of 7 out of 10
  • No description provided
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires internet access to function properly.
  • Shell: No shell execution patterns detected, indicating no immediate signs of malicious shell command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags indicating low author engagement and newness, raising suspicion.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Package uploaded less than 24 hours ago (2026-06-05T01:32:37.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)