cryoPARES

v0.1.0 suspicious
5.0
Medium Risk

Cryo-EM Pose-Assignment for Related Experiments via Supervision

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate level of risk due to potential obfuscation and incomplete metadata, which raises concerns about its legitimacy and purpose.

  • Potential obfuscation techniques observed
  • Incomplete author and maintainer information
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: The use of shell=True in subprocess.run is risky but may be necessary for legitimate operations like checking ulimit settings.
  • Obfuscation: The observed patterns suggest potential obfuscation techniques, but they could also be part of normal model evaluation procedures.
  • Credentials: No clear signs of credential harvesting detected.
  • Metadata: The package is newly uploaded with incomplete author information and could be a potential risk due to lack of maintainer history.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 10.0

Found 5 obfuscation pattern(s)

  • compile(model) model.eval() self._model = model return model @cac
  • atch=example_batch) model.eval() out = model(imgs, top_k=1) print(out[0].shape)
  • e, encoder=encoder) model.eval() # Store all results rotation_errors = defaultdict
  • atch=example_batch) model.eval() out = model(imgs, top_k=1) print(out[4]) out2
  • scores = [] self.eval() with torch.inference_mode(): for datal
Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • f._datadir) ulimit = subprocess.run(["ulimit -n"], check=True, capture_output=True, shell=True)
  • ck=True, capture_output=True, shell=True) assert ulimit.returncode == 0, "Error, ulimit -n c
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: faculty.ie.edu>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository rsanchezgarc/cryoPARES appears legitimate

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-04T22:41:49.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)