act-bin

v0.2.89 safe
4.0
Medium Risk

Run your GitHub Actions locally 🚀

🤖 AI Analysis

Final verdict: SAFE

The package act-bin v0.2.89 poses minimal risk based on the analysis. It does not engage in network calls or credential harvesting and shows no signs of obfuscation.

  • No network calls detected.
  • Low risk of shell execution, though further investigation is recommended.
  • Incomplete maintainer profile and potentially new/inactive maintainer.
Per-check LLM notes
  • Network: No network calls were detected, which is normal unless the package is expected to perform network actions.
  • Shell: Shell execution detected may indicate the package performs system tasks, but requires further investigation to ensure it's not being used maliciously.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The maintainer has an incomplete profile and seems to be new or inactive, which raises some concerns but not enough to definitively suggest malicious intent.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ON}", ".", ] subprocess.run(args, check=True, cwd=cwd) # noqa: S603 Path(output).ch

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: naver.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository Bing-su/pip-binary-factory appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with act-bin
Create a Python-based local development environment tool named 'LocalActionRunner' that leverages the 'act-bin' package to run GitHub Actions workflows directly on a user's machine. This tool aims to streamline the process of testing GitHub Actions without needing to push code changes to a remote repository. Here's a detailed breakdown of what the application should achieve and its core functionalities:

1. **Setup and Installation**: The application should have a straightforward setup process, allowing users to install it via pip and configure their GitHub personal access token for authentication purposes.
2. **Workflow Execution**: Users should be able to specify a GitHub Actions workflow file (.yml) either from a local directory or a URL, and the application will use 'act-bin' to execute the workflow in a simulated GitHub environment.
3. **Customization Options**: Provide options for users to customize the execution environment, such as setting up specific Docker images, defining secrets, or specifying inputs for the actions.
4. **Output and Logging**: Ensure that the application captures and displays the output of the workflow execution in a readable format, including logs, errors, and successes.
5. **Interactive Mode**: Implement an interactive mode where users can input commands to control the workflow execution step-by-step, similar to debugging a script.
6. **Help and Documentation**: Include comprehensive documentation and a help command that explains how to use each feature of the application.

The 'act-bin' package is utilized primarily to simulate the GitHub Actions environment and execute workflows. Your task is to design and implement this application, ensuring it integrates seamlessly with 'act-bin' while providing a user-friendly interface for developers to test and debug their GitHub Actions workflows locally.