kubernetes-pydra

v0.1.0 suspicious
4.0
Medium Risk

Python Kubernetes DRA (Dynamic Resource Allocation) plugins

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows minimal risks in terms of network, shell, obfuscation, and credential handling. However, the metadata risk due to recent creation and incomplete maintainer information raises concerns about its legitimacy.

  • Recent creation date
  • Incomplete maintainer profile
Per-check LLM notes
  • Network: No network calls detected, which is typical and not indicative of malicious activity.
  • Shell: Shell execution appears to be for testing Kubernetes resources locally, suggesting normal package functionality rather than malicious intent.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The recent creation and rapid activity suggest potential risk, especially with an incomplete maintainer profile.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • sts in the test_namespace subprocess.run(["kubectl", "apply", "-n", test_namespace, "-f", "tests/test
  • === DIAGNOSTICS ===") subprocess.run(["kubectl", "get", "pods,resourceclaims,deviceclasses,resour
  • , "-A"], check=False) subprocess.run(["kubectl", "describe", "pod", "test-pod", "-n", test_namesp
  • espace], check=False) subprocess.run(["kubectl", "describe", "resourceclaim", "tpu-claim", "-n",
  • file was written cdi_ls = subprocess.run(["docker", "exec", f"{CLUSTER_NAME}-control-plane", "ls", "/
  • cdi_files[-1] cdi_cat = subprocess.run(["docker", "exec", f"{CLUSTER_NAME}-control-plane", "cat", f
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-04T14:09:36Z)

  • Repository created very recently: 0 day(s) ago (2026-06-04T14:09:36Z)
  • All 13 commits happened within 24 hours
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-04T22:01:36.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)