acme

v5.6.0 suspicious
4.0
Medium Risk

ACME protocol implementation in Python

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a high level of obfuscation risk due to the use of eval(), which can pose significant security concerns. However, other risks are relatively low, and there's no clear indication of malicious intent.

  • High obfuscation risk due to eval()
  • Low overall risk in other categories

Per-check LLM notes

  • Network: The network calls seem to be intended for local testing or debugging purposes, making HTTP requests to localhost.
  • Shell: No shell execution patterns detected.
  • Obfuscation: The use of eval() for dynamic code execution suggests potential obfuscation or security risks.
  • Credentials: No direct evidence of credential harvesting is present, but caution should be exercised.
  • Metadata: The maintainer has only one package, which could indicate a new or less active project, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • dex(self): response = requests.get( 'http://localhost:{0}'.format(self.port), verif
  • 404(self): response = requests.get( 'http://localhost:{0}/foo'.format(self.port), v
  • : http_response = requests.get(uri, verify=False, timeout=timeout) except requests.
  • _agent self.session = requests.Session() self._default_timeout = timeout adapter =

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • oqa: F401 acme_jose_mod = eval(acme_jose_path) # pylint: disable=eval-used josepy_mod
  • le=eval-used josepy_mod = eval(josepy_path) # pylint: disable=eval-used assert acme_jo

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository certbot/certbot appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Certbot Project" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
