Package Metadata

Author: Gelu Nita, Alexey Kuznetsov
Email: —
PyPI: pychmp
Python: >=3.10
Versions: 1 release
First release: 04 Jun 2026, 23:17 UTC
Analysed: 04 Jun 2026, 23:46 UTC
Source files: 61 .py files scanned

Project Links

Algorithmic Provenance Homepage Repository

Classifiers

Development Status :: 3 - AlphaIntended Audience :: Science/ResearchLicense :: OSI Approved :: BSD LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Topic :: Scientific/Engineering :: Astronomy

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant obfuscation risk due to the use of pickle, which could be used to hide malicious code. Additionally, it uses shell execution, which might be an attempt to evade detection.

High obfuscation risk due to pickle usage
Shell execution indicating possible evasion tactics

Per-check LLM notes

Network: No network calls were detected.
Shell: The use of shell execution suggests potential risk, particularly due to the creation of new sessions which can be indicative of attempts to evade process monitoring.
Obfuscation: The use of pickle for serialization and deserialization is suspicious and may indicate an attempt to hide code logic.
Credentials: No clear signs of credential harvesting were found.
Metadata: The package is new with limited maintainer history and no external links for verification.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

-123", ) roundtrip = pickle.loads(pickle.dumps(wrapper)) assert roundtrip._base_factory.m

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

ime.perf_counter() proc = subprocess.run(cmd, cwd=str(cwd), env=env, check=False) elapsed = time.
IEWER_HINT"] = "1" proc = subprocess.Popen(cmd, start_new_session=True, env=env) if progress:
r_script).name proc = subprocess.run( ["ps", "-axo", "pid=,command="], ch
try: proc = subprocess.Popen( viewer_cmd, start_new_sessi
list[str]) -> str: proc = subprocess.run(command, capture_output=True, text=True, check=False) re

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

GitHub API error: 403

GitHub API error: 403

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-04T23:17:26.000Z)
Author "Gelu Nita, Alexey Kuznetsov" appears to have only 1 package on PyPI (new or inactive account)