breslin

v0.1.0 suspicious
6.0
Medium Risk

Any break requires three things: knowing the layout, understanding the routine and help from outside or inside

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to shell execution capabilities and concerns over metadata quality. While it does not exhibit signs of immediate malicious activity, the combination of signals raises suspicion about its legitimacy and potential for misuse.

  • Shell risk indicating potential for abuse
  • Metadata quality issues with new maintainer and missing git repo
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution patterns may indicate the package is designed to run commands on the host system, which could be legitimate if documented functionality, but also suggests potential for abuse.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags including low metadata quality, new maintainer account, and lack of associated git repository.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • RUN_PROMPT, ] proc = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr
  • ce] try: result = subprocess.run( cmd, capture_output=True, text=True, timeout=30
  • al Docker runs. listing = subprocess.run( ["kubectl", "auth", "can-i", "--list"], cap
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-04T21:51:43.000Z)
  • Author "vvcb" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)