Dev10x

v0.78.0 suspicious
4.0
Medium Risk

Claude Code plugin providing reusable skills, hooks, and commands

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks, particularly concerning its network and shell execution behaviors, which might indicate legitimate functionality but could also signify potential malicious activities.

  • moderate network risk
  • potential misuse of shell execution
Per-check LLM notes
  • Network: The network call pattern seems to be for making HTTP requests which could be legitimate if the package is designed to interact with external services.
  • Shell: The shell execution patterns indicate interaction with Git commands, which might be used for version control operations but could also be a sign of more nefarious activities like code modification or information gathering.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author has only one package, which may indicate a new or less active account, raising some suspicion but not enough to conclude malice.

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • not None else None req = urllib.request.Request(url=url, method=method, headers=headers, data=data)
  • a=data) try: with urllib.request.urlopen(req, timeout=_REQUEST_TIMEOUT_SECONDS) as resp:
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • try: return subprocess.check_output( ["git", "rev-parse", "--show-toplevel"],
  • try: return subprocess.check_output( ["git", "rev-parse", "--abbrev-ref", "HEAD"
  • : str) -> str: return subprocess.check_output( ["git", *args], stderr=subprocess.D
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository Dev10x-Guru/dev10x-claude appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Janusz Skonieczny" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with Dev10x 
Create a command-line utility named 'CodeBuddy' that leverages the 'Dev10x' package to streamline coding tasks and enhance productivity. This utility will serve as a personal coding assistant, offering functionalities such as code snippet generation, automated documentation creation, and integration with popular code repositories like GitHub. Here's a detailed breakdown of what the application should accomplish:

1. **Setup and Initialization**: Begin by setting up a Python environment with 'Dev10x' installed. Ensure that your application initializes correctly and connects to the user's GitHub account via OAuth for seamless repository management.
2. **Code Snippet Generation**: Implement a feature where users can input a brief description of a functionality they wish to implement (e.g., 'generate a function to sort a list'), and 'CodeBuddy' uses 'Dev10x' to generate relevant code snippets in various programming languages (Python, JavaScript, etc.).
3. **Automated Documentation**: Integrate a feature that automatically generates documentation from comments within the code using 'Dev10x'. Users should be able to specify which sections of their codebase need documentation, and 'CodeBuddy' will create markdown files containing structured documentation.
4. **Repository Management**: Utilize 'Dev10x' hooks to manage repositories. Features include creating new repositories on GitHub, pushing changes, and pulling updates. Additionally, provide a way to automatically tag commits based on certain keywords in commit messages.
5. **Interactive Shell Commands**: Implement a series of interactive shell commands that allow users to perform actions such as searching for specific code patterns across repositories, running static code analysis tools, and formatting code according to PEP8 standards.
6. **Customization and Configuration**: Allow users to customize their experience through configuration files. They should be able to specify preferences like default language, preferred repository structure, and more. Use 'Dev10x' commands to facilitate these configurations.
7. **Security Measures**: Ensure that all interactions with GitHub are secure, utilizing OAuth tokens stored securely. Implement error handling to gracefully manage any API rate limits or other issues.

By following these steps and utilizing the capabilities provided by 'Dev10x', you'll develop a robust and versatile command-line utility that significantly enhances developers' productivity and streamlines their workflow.