python-packaging
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): Automated URLite scanner detected a blacklisted malicious URL associated with the skill's MANIFEST.in file. The presence of confirmed malicious infrastructure is a severe security finding.
- REMOTE_CODE_EXECUTION (CRITICAL): Malicious URLs embedded in packaging manifest files are frequently used to download second-stage payloads or backdoored dependencies during the installation or build process.
- NO_CODE (SAFE): No functional code files were provided for analysis; the risk assessment is based entirely on the confirmed malicious URL detection in the metadata.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata