aethis-cli

v0.20.0 safe
4.0
Medium Risk

CLI for the Aethis developer API — author, test, and publish rulesets

🤖 AI Analysis

Final verdict: SAFE

The package appears to be legitimate with no strong indicators of malicious intent. While there are some concerns regarding shell execution and credential handling, these do not conclusively point towards a supply-chain attack.

  • Network and shell execution risks due to API interactions and external command execution.
  • Potential issues with credential management due to a syntax error in keyring usage.

Per-check LLM notes

  • Network: The network calls seem to be related to authentication and API interactions, which could be legitimate if the package is designed for OAuth authentication and API access.
  • Shell: The use of subprocess.run indicates that the package might execute external commands like 'jq', potentially for processing JSON data. However, direct execution can introduce risks if not properly sanitized.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The usage of keyring to retrieve an API key suggests legitimate credential management, but there is a syntax error in one instance which could indicate potential issues in code quality or maintenance.
  • Metadata: The package shows some red flags such as an author with no name and a new account with only one package, but there are no clear signs of typosquatting or other malicious activities.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • main}/oauth/token" resp = httpx.post( token_url, data={ "grant_type":
  • = ctx self._client = httpx.Client( base_url=base_url, headers=headers,
  • tr]]: try: resp = httpx.get(f"{base_url}/api/v1/public/permissions", timeout=10.0) e
  • ...") try: resp = httpx.post( f"{base_url}/api/v1/keys/", headers
  • y.") try: resp = httpx.get( f"{base_url}/api/v1/keys/", headers
  • y.") try: resp = httpx.delete( f"{base_url}/api/v1/keys/{key_id}",

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • ]") try: result = subprocess.run(argv) except FileNotFoundError: console.print(
  • 4) try: result = subprocess.run( ["jq", expr], input=json_text,

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • -found] cached = keyring.get_password("aethis-cli", "api_key") if cached:
  • -not-found] cached = keyring.get_password("aethis-cli", "api_key") if cached: retu

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: aethis.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aethis-cli
Your task is to develop a command-line utility named 'RuleMaster' using the 'aethis-cli' package. This utility will streamline the process of managing rulesets for developers by integrating the functionalities provided by the Aethis API. Here’s a detailed breakdown of what your application should accomplish:

1. **Setup and Configuration**: Upon installation, RuleMaster should guide users through a setup wizard where they can configure their Aethis API credentials and other necessary settings.
2. **Ruleset Authoring**: Implement a feature that allows users to create new rulesets from scratch or by modifying existing ones. Users should be able to define rules within these rulesets using a simple, intuitive syntax supported by 'aethis-cli'.
3. **Testing Rulesets**: Develop an automated testing module that enables users to validate their rulesets against predefined test cases or custom inputs. This ensures the rulesets function as intended before deployment.
4. **Publishing Rulesets**: Provide an option for users to publish their validated rulesets directly from the command line interface. Ensure that the publication process includes version control, allowing users to track changes over time.
5. **Management Tools**: Include additional management tools such as listing all available rulesets, viewing details of a specific ruleset, and updating/deleting rulesets as needed.
6. **Documentation and Help**: Ensure comprehensive documentation is readily accessible via the command line interface, detailing how to use each feature effectively. Also, provide context-sensitive help for commands.
7. **Integration with Other Tools**: Consider adding support for integrating RuleMaster with popular development environments or tools, enhancing its usability.

In developing RuleMaster, utilize the 'aethis-cli' package to handle all interactions with the Aethis API. This includes authentication, data retrieval, and submission of rulesets. Your goal is to create a robust, user-friendly tool that significantly simplifies the process of managing rulesets for developers.