AI Analysis
Final verdict: SUSPICIOUS
The package exhibits high risks associated with shell execution and obfuscation techniques, indicating potential malicious intent. However, there is no definitive evidence of credential harvesting or explicit malicious behavior.
- High shell risk due to 'ssh-keygen' and pip command execution.
- Significant obfuscation risk through cloudpickle and base64 encoding.
Per-check LLM notes
- Network: The network call seems to be related to authentication token retrieval, which could be legitimate but requires further investigation into the context and necessity.
- Shell: Multiple calls to 'ssh-keygen' and pip indicate potential execution of external commands that may modify the system state, suggesting higher risk for unauthorized actions or vulnerabilities.
- Obfuscation: The use of cloudpickle and base64 decoding suggests an attempt to conceal code logic, which is suspicious.
- Credentials: No clear patterns indicative of credential harvesting were found.
- Metadata: High risk due to suspicious git repository activity and lack of maintainer history.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
de() try: resp = httpx.post( f"{api_base}/api/v1/auth/token", he
pute/v1" self._http = httpx.Client(timeout=http_timeout) def close(self) -> None:
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
s, kwargs = cloudpickle.loads(base64.b64decode(_b64)) except Exception: _write_error("f
payload = cloudpickle.loads(base64.b64decode(b64)) except Exception as e: raise ResultParseEr
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
auth") try: out = subprocess.run( ["ssh-keygen", "-lf", str(public_key_path)],
age) try: subprocess.run( ["ssh-keygen", "-Y", "sign", "-f", str(priv
+ (PEP 668). rc = subprocess.run( [ "python3", "-m", "pip
n("w") as fh: subprocess.run(["ssh-keygen", "-y", "-f", str(priv)], stdout=fh, check=True
new ed25519 keypair...") subprocess.run( ["ssh-keygen", "-t", "ed25519", "-f", str(priv), "-
try: return subprocess.run(args, capture_output=True, timeout=timeout) except s
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 7.5
Git history flags:
- Repository has zero stars and zero forks
- Single contributor with only 4 commit(s) — possibly throwaway account
- All 4 commits happened within 24 hours
Maintainer History
score 6.0
3 maintainer concern(s) found
- Package is very new: uploaded 1 day(s) ago
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Mimiry
Develop a fully-functional mini-app named 'ServerlessFunctionDeployer' using the Python package 'Mimiry'. This app will serve as a user-friendly interface for deploying, managing, and invoking serverless functions on various cloud platforms such as AWS Lambda, Google Cloud Functions, and Azure Functions. The application should include the following core functionalities:
1. **User Authentication**: Implement a simple authentication system allowing users to sign up, log in, and manage their profiles.
2. **Function Deployment**: Provide a feature for users to upload their function code (in Python), specify the runtime environment, and deploy it to their chosen cloud platform.
3. **Function Management**: Allow users to view, update, delete, and invoke their deployed functions directly from the app. Include a monitoring dashboard showing recent invocations and any errors encountered.
4. **Cloud Platform Integration**: Ensure seamless integration with multiple cloud providers, enabling users to switch between platforms without reconfiguring their functions.
5. **Security Features**: Implement basic security measures such as encrypting sensitive data, validating input, and securing API endpoints.
6. **Documentation and Help**: Offer comprehensive documentation and a help section explaining how to use the app effectively.
Utilize the 'Mimiry' package to handle the serverless compute aspects of your application, including but not limited to deploying functions, invoking them remotely, and managing resources across different cloud environments. Your goal is to create a versatile tool that simplifies the process of working with serverless architectures for developers of all skill levels.