cherry-docs

v0.2.0 suspicious
6.0
Medium Risk

Local-first AI memory for Claude Code — capture, distill, and retrieve project knowledge automatically.

🤖 AI Analysis

Final verdict: SUSPICIOUS

Moderate risk: the package spawns subprocesses and ships with minimal metadata (empty author, no linked repository). Neither is proof of malicious intent on its own, but together they justify inspecting the source before installing.

  • Shell risk is high at 7/10
  • Minimal metadata provided by the author

Per-check LLM notes
  • Network: Network calls are somewhat unusual but not necessarily indicative of malicious activity without further context.
  • Shell: The subprocess calls are consistent with the stated purpose (git history and `git show` lookups, plus removing the package's own Claude Code MCP registration via `claude mcp remove cherry-docs`), but any package that runs external commands warrants checking exactly what it invokes and with which arguments.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is new with minimal information provided by the author and no associated git repository, raising suspicion.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • ad).encode("utf-8") req = urllib.request.Request( url, data=body, headers={
  • method="POST", ) with urllib.request.urlopen(req, timeout=15) as resp: raw = resp.read().
  • 0.1}, } with httpx.Client(timeout=self.timeout) as client: response = clie
  • , } try: with httpx.Client(timeout=timeout) as client: r = client.post(_OLL

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • None: try: proc = subprocess.run( ["git", *args], cwd=cwd,
  • rt Path # Remove MCP subprocess.run(["claude", "mcp", "remove", "cherry-docs", "-s", "user"], ch
  • le. try: result = subprocess.run( ["git", "log", "--pretty=format:%H %h", "--", t
  • None: try: proc = subprocess.run( ["git", "show", f"{ref}:.claude/CLAUDE.md"],
  • t-hash", commit_hash] subprocess.Popen( cmd, stdout=subprocess.DEVNULL,
  • .CompletedProcess: return subprocess.run(cmd, capture_output=True, text=True, check=check) def _mcp
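The fragments above all pass an argv list (or a `cmd` variable) to `subprocess.run`/`Popen`, and none of the visible text sets `shell=True`, so the commands are not interpreted by a shell; the real question is which executables are run and whether their arguments come from untrusted data. The scanner below is an added example, not part of cherry-docs or of the report's own tooling: it walks Python source with the standard `ast` module and classifies each `subprocess.*` call by executable, `shell=True`, and whether argv is built from variables, `*args` or f-strings, and reports module-qualified `urllib.request`/`httpx` calls together with whether a `timeout=` keyword is present (method calls through a variable such as `client.post(...)` are out of scope). `SAMPLE` is constructed to mirror the report's fragments plus one deliberate `shell=True` call for contrast; it is not the package's source, and the URL parameters are assumptions.

```python
"""Static triage of subprocess and network calls (added example, not package code)."""
import ast
from dataclasses import dataclass
from typing import Optional

SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}
NETWORK_PREFIXES = ("urllib.request.", "httpx.")
TIMEOUT_AWARE = {"urlopen", "Client", "AsyncClient", "get", "post"}


@dataclass
class Finding:
    lineno: int
    kind: str                   # "subprocess" or "network"
    call: str                   # dotted callee as written, e.g. subprocess.run
    executable: Optional[str]   # first argv element when it is a string literal
    shell: bool                 # shell=True present (command goes through /bin/sh)
    dynamic_argv: bool          # argv built from variables, *args, f-strings, ...
    timeout: Optional[bool]     # network only: timeout= keyword given (None if n/a)


def _dotted(node: ast.AST) -> str:
    """Rebuild 'a.b.c' from an Attribute chain; '' if the root is not a Name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    parts.append(node.id)
    return ".".join(reversed(parts))


def _argv_info(arg: ast.AST):
    """Return (executable, dynamic) for a subprocess call's first argument."""
    if isinstance(arg, ast.List) and arg.elts:
        first = arg.elts[0]
        dynamic = any(not isinstance(e, ast.Constant) for e in arg.elts)
        if isinstance(first, ast.Constant) and isinstance(first.value, str):
            return first.value, dynamic
        return None, True
    if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
        words = arg.value.split()
        return (words[0] if words else None), False
    return None, True           # variable, string concatenation, comprehension, ...


def scan_source(src: str) -> list:
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        func = name.rsplit(".", 1)[-1]
        kws = {k.arg: k.value for k in node.keywords if k.arg}
        if name.startswith("subprocess.") and func in SUBPROCESS_FUNCS:
            shell_kw = kws.get("shell")
            shell = isinstance(shell_kw, ast.Constant) and shell_kw.value is True
            exe, dynamic = _argv_info(node.args[0]) if node.args else (None, True)
            findings.append(Finding(node.lineno, "subprocess", name, exe, shell, dynamic, None))
        elif name.startswith(NETWORK_PREFIXES):
            timeout = ("timeout" in kws) if func in TIMEOUT_AWARE else None
            findings.append(Finding(node.lineno, "network", name, None, False, False, timeout))
    return sorted(findings, key=lambda f: f.lineno)


def summarize(findings: list) -> dict:
    subs = [f for f in findings if f.kind == "subprocess"]
    nets = [f for f in findings if f.kind == "network"]
    return {
        "subprocess_calls": len(subs),
        "shell_true": sum(f.shell for f in subs),
        "executables": sorted({f.executable for f in subs if f.executable}),
        "dynamic_argv": sum(f.dynamic_argv for f in subs),
        "network_calls": len(nets),
        "network_without_timeout": [f.call for f in nets if f.timeout is False],
    }


# Constructed sample mirroring the report's fragments; NOT the package's code.
SAMPLE = '''
import subprocess, urllib.request, httpx
def _git(args, cwd):
    return subprocess.run(["git", *args], cwd=cwd, capture_output=True, text=True)
def _mcp_remove():
    subprocess.run(["claude", "mcp", "remove", "cherry-docs", "-s", "user"], check=False)
def _show(ref):
    return subprocess.run(["git", "show", f"{ref}:.claude/CLAUDE.md"], capture_output=True)
def _spawn(cmd):
    subprocess.Popen(cmd, stdout=subprocess.DEVNULL)
def _contrast(user_input):          # deliberately unsafe, for contrast only
    subprocess.run("git log " + user_input, shell=True)
def _post(url, body):
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read()
def _fetch(url):
    return urllib.request.urlopen(url).read()
def _embed(url, payload, timeout):
    with httpx.Client(timeout=timeout) as client:
        return client.post(url, json=payload)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f)
    print(summarize(scan_source(SAMPLE)))
```

Point it at an unpacked sdist or wheel (`scan_source(path.read_text())` per `.py` file) to see which executables a package actually calls; a `shell_true` count of zero with a short, expected `executables` list is the normal profile for a git-aware tool, whereas `shell=True` combined with dynamic argv is the pattern that turns a "shell risk" score into a real injection finding.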

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-04T21:44:47.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
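Three of the four maintainer concerns above (single release, upload age, empty author) and the missing-repository finding can be re-derived from the package's public PyPI JSON document, which is the check a practitioner would run before trusting the report's numbers. The code below is an added example, not the scanner's own implementation. It follows the layout of `https://pypi.org/pypi/<name>/json` (an `info` block plus a `releases` map of version to uploaded files); `SAMPLE_PYPI` is constructed to mirror the values shown in this report rather than a captured response, `HEALTHY` is a constructed contrast case, and `NOW` is a fixed assumed scan time so the example runs offline. The "author has only 1 package on PyPI" concern needs a per-user lookup that this endpoint does not provide and is not reproduced here.

```python
"""Re-derive maintainer/metadata concerns from a PyPI JSON document (added example)."""
from datetime import datetime, timedelta, timezone

# Constructed to mirror the report's values for cherry-docs; not a captured response.
SAMPLE_PYPI = {
    "info": {
        "name": "cherry-docs",
        "version": "0.2.0",
        "author": "",
        "author_email": "",
        "project_urls": None,
    },
    "releases": {
        "0.2.0": [{"upload_time_iso_8601": "2026-06-04T21:44:47.000000Z"}],
    },
}

# Constructed contrast case: established package with a linked repository.
HEALTHY = {
    "info": {
        "name": "example-pkg",
        "version": "1.2.0",
        "author": "Jane Doe",
        "author_email": "jane@example.org",
        "project_urls": {"Source": "https://github.com/example/pkg"},
    },
    "releases": {
        "1.0.0": [{"upload_time_iso_8601": "2025-01-10T10:00:00.000000Z"}],
        "1.1.0": [{"upload_time_iso_8601": "2025-04-02T10:00:00.000000Z"}],
        "1.2.0": [{"upload_time_iso_8601": "2025-09-15T10:00:00.000000Z"}],
    },
}

NOW = datetime(2026, 6, 5, 12, 0, tzinfo=timezone.utc)   # assumed scan time
GIT_HOSTS = ("github.com", "gitlab.com", "codeberg.org", "bitbucket.org")


def _parse_ts(ts: str) -> datetime:
    # PyPI emits a trailing 'Z'; fromisoformat on older Pythons needs +00:00.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def newest_upload(doc: dict):
    times = [_parse_ts(f["upload_time_iso_8601"])
             for files in doc["releases"].values() for f in files]
    return max(times) if times else None


def upload_age_hours(doc: dict, now: datetime = NOW) -> float:
    latest = newest_upload(doc)
    return (now - latest).total_seconds() / 3600 if latest else float("inf")


def maintainer_concerns(doc: dict, now: datetime = NOW, max_age_hours: int = 24) -> list:
    info = doc["info"]
    concerns = []
    versions = [v for v, files in doc["releases"].items() if files]
    if len(versions) == 1:
        concerns.append("only one version has ever been released")
    if upload_age_hours(doc, now) < max_age_hours:
        concerns.append(f"latest upload is {upload_age_hours(doc, now):.1f} hours old")
    if len((info.get("author") or "").strip()) < 3:
        concerns.append("author name missing or very short")
    if not (info.get("author_email") or "").strip():
        concerns.append("no author email")
    urls = info.get("project_urls") or {}
    if not any(host in url for url in urls.values() for host in GIT_HOSTS):
        concerns.append("no source repository link in project_urls")
    return concerns


if __name__ == "__main__":
    for name, doc in (("cherry-docs (constructed)", SAMPLE_PYPI), ("healthy (constructed)", HEALTHY)):
        print(name, "->", maintainer_concerns(doc) or "no concerns")
```

To check a live package, replace the constructed dict with `json.load(urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=15))` and pass `datetime.now(timezone.utc)` as `now`; note that `project_urls` can be absent or `null`, which is why the code treats it as an empty map rather than indexing it directly.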