aerograph-sdk

v0.2.0 suspicious
7.0
High Risk

Python SDK for AeroGraph — emit trace events from Python agent workflows.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several suspicious characteristics, including network activity, subprocess execution, and questionable metadata, raising concerns about its legitimacy and potential risks.

  • High network and shell execution risks
  • Suspect metadata indicating possible new and unverified authorship
Per-check LLM notes
  • Network: The package makes HTTP requests which could be for legitimate purposes like health checks and trace collection, but the use of external services may pose privacy concerns.
  • Shell: Subprocess execution is detected, which can be used for various tasks including code generation. However, this also increases the risk of unintended behavior or security vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags including being brand new, having an author with no name and a single package, which increases suspicion of potential malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • f._http_client return httpx.Client() def _get_async_client(self) -> httpx.AsyncClient:
  • nc_http_client return httpx.AsyncClient() def emit(self, event: _TraceEventModel) -> _TraceEven
  • _emission(): try: httpx.get("http://localhost:4317/health") except httpx.ConnectErro
  • " try: response = httpx.get(f"{COLLECTOR_URL}/v1/traces", timeout=2.0) return re
  • eve and verify response = httpx.get(f"{COLLECTOR_URL}/v1/traces/{trace_id}") assert response
  • me.sleep(0.1) response = httpx.get(f"{COLLECTOR_URL}/v1/traces/{trace_id}") assert response
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • atamodel-codegen result = subprocess.run( [ sys.executable, "-m",
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository SGcpu/AeroGraph appears legitimate

Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package is very new: uploaded 3 day(s) ago
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aerograph-sdk 
Create a Python-based utility named 'TraceMonitor' that leverages the 'aerograph-sdk' package to monitor and log trace events from various Python workflows. This tool should be designed to help developers understand the flow of execution within complex applications by emitting trace events at critical points.

### Key Features:
1. **Event Emission**: Integrate the 'aerograph-sdk' to emit trace events at specific points in your workflow, such as function calls, database queries, or API requests.
2. **Configuration Management**: Allow users to configure which parts of their workflow they want to trace through a simple configuration file.
3. **Real-time Monitoring**: Implement real-time monitoring capabilities where trace events are logged immediately as they occur.
4. **Event Filtering**: Provide options to filter trace events based on severity levels (e.g., info, warning, error).
5. **Data Visualization**: Use a simple command-line interface or a web-based dashboard to visualize the trace data in a meaningful way.
6. **Integration Testing**: Include scripts to test TraceMonitor with different types of Python workflows to ensure it works as expected.

### Steps to Build the Project:
1. **Setup Project Structure**: Initialize a new Python project and install the 'aerograph-sdk'.
2. **Configuration Module**: Develop a module that reads a configuration file to determine which parts of the workflow should be traced.
3. **Emitting Trace Events**: Modify existing Python code snippets to include calls to the 'aerograph-sdk' for emitting trace events at key points.
4. **Monitoring Logic**: Write logic to capture and log these trace events in real-time.
5. **Filtering Mechanism**: Implement filtering based on event severity.
6. **Visualization Interface**: Create a basic CLI or web interface to display trace events in a user-friendly manner.
7. **Testing Scripts**: Develop integration tests to verify TraceMonitor's functionality across various scenarios.
8. **Documentation**: Provide comprehensive documentation on how to use TraceMonitor effectively.

This project will not only serve as a practical example of using the 'aerograph-sdk', but also as a valuable tool for any developer looking to gain deeper insights into the execution flow of their Python applications.