AI Analysis
Final verdict: SUSPICIOUS
The package InvokeAI v6.13.0 presents some risks due to its network calls and execution of shell commands, which could lead to unauthorized actions. Additionally, the incomplete metadata and possible typosquatting raise concerns about its legitimacy.
- Network risk due to external domain calls
- Shell risk from executing commands like git clone
- Incomplete metadata and possible typosquatting
Per-check LLM notes
- Network: The network call to an external domain suggests potential data exfiltration or C2 communication, but without more context, it's hard to determine the exact intent.
- Shell: Executing shell commands like git clone can be legitimate for package setup or updates, but it also poses a risk if misused, potentially allowing arbitrary code execution.
- Obfuscation: The observed pattern is likely benign and could be part of a larger code snippet that was not fully provided, possibly for clarity or brevity.
- Credentials: No suspicious patterns indicative of credential harvesting were detected.
- Metadata: The author information is incomplete and the maintainer may be inactive or new, which raises some concerns but does not strongly indicate malicious intent.
- ⚠ Typosquatting target: invoke
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
gingface.co" try: urllib.request.urlopen(host, timeout=1) return True except Exce
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
being updated vae.eval() # Try to find the BN layer - it may be at dif
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
e repository result = subprocess.run( ["git", "clone", source, str(target_dir)],
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
score 3.0
Possible typosquat of: invoke
"InvokeAI" is 2 edit(s) from "invoke"
Registered Email Domain
Email domain looks legitimate: invoke.ai
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository invoke-ai/InvokeAI appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with InvokeAI
Create a mini-app called 'ArtMuse' that leverages the InvokeAI package to assist artists and designers in generating creative artwork. ArtMuse should allow users to input textual descriptions of desired images and then generate corresponding visual outputs. The app should include the following features:
1. User-friendly interface for text input.
2. Option to select from different styles (e.g., realistic, cartoonish, impressionistic).
3. Ability to adjust parameters such as color palette, resolution, and aspect ratio.
4. Preview functionality before finalizing the image generation.
5. Save generated images to local storage or share them via social media platforms.
To utilize the InvokeAI package, you will need to integrate its core functionalities into your app. Specifically, use InvokeAI's API to process user inputs and generate images based on those inputs. Ensure that the app efficiently handles the computational demands of AI-driven image generation, possibly by implementing asynchronous processing for better performance.