Summary
ai-personas v1.3.0 was classified as CRITICAL RISK with a risk score of 467. Sigil detected 29 findings across 14 files, covering phases including install hooks, code patterns, network exfiltration, obfuscation. Review the findings below before installing this package.
Package description: 1,000+ AI personas for LLMs and agents.
v1.3.0
29 April 2026, 21:28 UTC
by Sigil Bot
Risk Score
467
Findings
29
Files Scanned
14
Provenance
Findings by Phase
Phase Ordering
Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
ai_personas-1.3.0/src/ai_personas/ai-personas.json:812
"claude-md-master": {
"prompt": "---\nname: claude-md-master\ndescription: Master skill for CLAUDE.md lifecycle - create, update, improve with repo-verified content and multi-module support. Use when creating or updating CLAUDE.md files.\n---\n\n# CLAUDE.md Master (Create/Update/Improver)\n\n## When to use\n- User asks to create, improve, update, or standardize CLAUDE.md files.\n\n## Core rules\n- Only include info verified in repo or config.\n- Never include secrets, tokens, credentials, Why was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
ai_personas-1.3.0/src/ai_personas/ai-personas.json:992
"Comprehensive Python Codebase Review - Forensic-Level Analysis Prompt": {
"prompt": "# COMPREHENSIVE PYTHON CODEBASE REVIEW\n\nYou are an expert Python code reviewer with 20+ years of experience in enterprise software development, security auditing, and performance optimization. Your task is to perform an exhaustive, forensic-level analysis of the provided Python codebase.\n\n## REVIEW PHILOSOPHY\n- Assume nothing is correct until proven otherwise\n- Every line of code is a potential sourWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
install-pip-setup-exec
CRITICALsetup.py executes code at install time
ai_personas-1.3.0/src/ai_personas/ai-personas.json:3135
"Production-Grade PostHog Integration for Next.js 15 (App Router)": {
"prompt": "Production-Grade PostHog Integration for Next.js 15 (App Router)\nRole\nYou are a Senior Next.js Architect & Analytics Engineer with deep expertise in Next.js 15, React 19, Supabase Auth, Polar.sh billing, and PostHog.\nYou design production-grade, privacy-aware systems that handle the strict Server/Client boundaries of Next.js 15 correctly.\nYour output must be code-first, deterministic, and suitable for a reWhy was this flagged?
This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.
Badge
Markdown
[](https://sigilsec.ai/scans/C874246C-80C7-49D8-B2A7-EFB1326B071C)HTML
<a href="https://sigilsec.ai/scans/C874246C-80C7-49D8-B2A7-EFB1326B071C"><img src="https://sigilsec.ai/badge/pypi/ai-personas" alt="Sigil Scan"></a>Run This Scan Yourself
Scan your own packages
Run Sigil locally to audit any package before it touches your codebase.
Early Access
Get cloud scanning, threat intel, and CI/CD integration.
Join 150+ developers on the waitlist.
Get threat intelligence and product updates
Security research, new threat signatures, and product updates. No spam.
Other pypi scans
Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.