aether-ai-cli

v2.2.0 suspicious
6.0
Medium Risk

Aether AI Agent — A professional-grade AI coding assistant for your terminal.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk profile due to its request for an API key and lack of community engagement, suggesting potential misuse of credentials or a less-trusted source.

  • API key request
  • Low community engagement
Per-check LLM notes
  • Network: The network calls appear to be fetching JSON data from a URL, which is common for many applications that rely on external services.
  • Shell: The shell executions seem to be related to clipboard operations and git commands, possibly for copying output or viewing changes, which could be legitimate depending on the tool's functionality.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code appears to be requesting an API key from the user, which could indicate legitimate usage but also poses a risk for credential harvesting depending on how the key is handled and stored.
  • Metadata: The repository is new with no community engagement and the maintainer has only one package, raising some suspicion.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • er-ai-cli/json" req = urllib.request.Request(url, headers={"User-Agent": "aether-ai-cli"})
  • aether-ai-cli"}) with urllib.request.urlopen(req, timeout=3) as response: data = json
  • ge.""" try: req = urllib.request.Request( url, headers={'User-Agent':
  • gent'} ) with urllib.request.urlopen(req, timeout=timeout) as response: conte
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • "Darwin": subprocess.run( ["pbcopy"],
  • "Linux": subprocess.run( ["xclip", "-selection", "clipboard"
  • else: subprocess.run( ["clip"], input=last_response, text
  • changes result = subprocess.run(["git", "diff", "--cached"], capture_output=True, text=True,
  • result_unstaged = subprocess.run(["git", "diff"], capture_output=True, text=True, check=True)
  • subprocess.run(["git", "add", "-u"], check=True) result = s
Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • ai/keys)[/dim]\n") key = getpass.getpass("API Key: ").strip() if not key: console.print("
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 5 day(s) ago (2026-06-01T09:47:03Z)

  • Repository created very recently: 5 day(s) ago (2026-06-01T09:47:03Z)
  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Irtaza Malik" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aether-ai-cli 
Build a simple Python application using the aether-ai-cli package to demonstrate its core features.