korasafe-sdk

v0.2.0 suspicious
4.0
Medium Risk

KoraSafe Python SDK — inline guardian scans + chain-of-thought trace capture for Python agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits low risks in terms of network, shell, obfuscation, and credential handling but has a high metadata risk due to its newness and lack of maintainer history.

  • High metadata risk due to new package and unknown maintainer
  • No direct evidence of malicious activities
Per-check LLM notes
  • Network: The observed network call patterns indicate the package likely uses HTTP/HTTPS clients for making requests to an API or service, which is common for SDKs.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is very new with no maintainer history and a GitHub API error, indicating potential risk.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • self._client = http_client or httpx.Client(timeout=timeout) self._async_client = async_http_cli
  • client = async_http_client or httpx.AsyncClient(timeout=timeout) def scan( self, input:
  • self._client = http_client or httpx.Client(timeout=timeout_s) self._owned_client = http_client
  • le.test", http_client=httpx.Client(transport=transport), async_http_client=httpx.AsyncC
  • t), async_http_client=httpx.AsyncClient(transport=transport), ) def json_response(payload: dic
  • le.test", http_client=httpx.Client(transport=httpx.MockTransport(lambda _request: json_response
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

GitHub API error: 403

  • GitHub API error: 403
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-04T23:35:30.000Z)
  • Author "KoraSafe" appears to have only 1 package on PyPI (new or inactive account)