🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to potential misuse of network calls and concerns over its metadata quality and repository hygiene.

Per-check LLM notes

Network: The network calls indicate the package is likely fetching data from an external source, which could be part of its intended functionality.
Shell: No shell execution patterns were detected, indicating low risk of direct system command execution.
Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret theft.
Metadata: The package shows signs of low effort and suspicious activity, including a newly created repository, single contributor with few commits, and lack of detailed metadata.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

id not in _CACHE: r = httpx.get(kaynak, headers={"User-Agent": _UA}, timeout=60,
lArama": True}, } r = httpx.post(_ARAMA, json=govde, timeout=60, headers={ "User-Agen

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 7.5

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-04T22:49:00Z)

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T00:03:59.000Z)
Author "Aydın Can Polatkan" appears to have only 1 package on PyPI (new or inactive account)
Package has no PyPI classifiers (low effort / metadata quality)