nice-agent

v0.1.0 suspicious
6.0
Medium Risk

Your autonomous CLI AI engineer

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate level of risk primarily due to its high shell execution risk and suspicious metadata, suggesting potential security concerns. However, no direct evidence of malicious intent or obfuscation has been found.

  • High shell execution risk
  • Suspicious metadata and recent upload
Per-check LLM notes
  • Network: The network calls are likely used for legitimate communication with external services, but without context, there's a risk of unintended data transfer.
  • Shell: The use of shell commands and subprocess execution can be risky as it allows the package to execute arbitrary commands on the system, which could potentially be exploited.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is highly suspicious due to its recent upload, lack of maintainer history, and an untraceable git repository.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • try: with httpx.Client() as client: response = client.post(
  • try: with httpx.Client() as client: with client.stream(
  • de_tools(tools) with httpx.Client() as client: response = client.post(
  • red.""" try: with httpx.Client(follow_redirects=True) as client: resp = client.
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • .platform != "win32": os.system("stty sane 2>/dev/null") typer.echo(f"\n{'=' * 50}")
  • tuple[str, int]: result = subprocess.run(cmd, shell=True, capture_output=True, text=True) return
  • md: str) -> str: result = subprocess.run( cmd, shell=True, capture_output=Tru
  • ." try: result = subprocess.run( command, shell=True, ca
  • result = subprocess.run(cmd, shell=True, capture_output=True, text=True) return (result.stdout
  • ess.run( cmd, shell=True, capture_output=True, text=True, ti
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T01:06:17.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)