Package Metadata

Author: —
Email: Lord1Egypt <akim.221992@gmail.com>
PyPI: skillforge-agent
Python: >=3.9
Versions: 2 releases
First release: 05 Jun 2026, 01:35 UTC
Analysed: 05 Jun 2026, 02:01 UTC
Source files: 62 .py files scanned

Project Links

Classifiers

Development Status :: 5 - Production/StableIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.9Topic :: Scientific/Engineering :: Artificial Intelligence

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to potential shell execution risks and controlled network behavior, suggesting possible supply-chain manipulation. Further investigation is recommended.

High shell execution risk
Controlled network interactions

Per-check LLM notes

Network: Network calls are likely for updates or version checks, but the use of custom User-Agent and rate limiting suggests controlled external communications.
Shell: Subprocess execution is flagged for potentially running external commands with environment variables, which could be risky if not properly sanitized or controlled.
Obfuscation: The observed obfuscation pattern is not strongly indicative of malicious intent; it appears to be a common technique for dynamically importing modules.
Credentials: No suspicious patterns related to credential harvesting were detected.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

etching {url} ...") req = urllib.request.Request(url, headers={"User-Agent": "bids-skill-updater/1.0"
skill-updater/1.0"}) with urllib.request.urlopen(req) as resp: return resp.read() def updat
self): self.session = requests.Session() self.session.headers.update({ 'User-Ag
tils/' self.session = requests.Session() # Rate limiting self.delay = 0.11
self.client = client or httpx.Client(base_url="https://api.anthropic.com", timeout=60.0) def
self.client = client or httpx.Client(base_url=endpoint, timeout=120.0) def __call__(self, pr

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

me try: module = __import__(import_name) version = getattr(module, version_attr, 'unknown')

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

"] = api_key result = subprocess.run(cmd, check=False, env=env) sys.exit(result.returncod
] try: result = subprocess.run( cmd, capture_output=True,
t macro_dir.exists(): subprocess.run( [ "soffice", "-
env = get_soffice_env() subprocess.run(["soffice", ...], env=env) """ import os import socket impo
get_soffice_env() return subprocess.run(["soffice"] + args, env=env, **kwargs) _SHIM_SO = Path(te
.write_text(_SHIM_SOURCE) subprocess.run( ["gcc", "-shared", "-fPIC", "-o", str(_SHIM_SO), st

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T00:28:57Z)

Repository created very recently: 0 day(s) ago (2026-06-05T00:28:57Z)
All 9 commits happened within 24 hours

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Package uploaded less than 24 hours ago (2026-06-05T01:35:07.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)