aevum-core

v0.7.1 suspicious
4.0
Medium Risk

Aevum — the sealed movement. Replay-first, policy-governed context kernel.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to its network and shell execution capabilities, which could be exploited for malicious purposes. The obfuscation technique also adds uncertainty.

  • network risk
  • shell risk
  • obfuscation

Per-check LLM notes
  • Network: The network calls may be legitimate if the package is designed to communicate with external services, but they could also indicate potential exfiltration or C2 activities.
  • Shell: The shell execution might be part of version control operations, but it can also pose risks if used improperly, potentially allowing unauthorized command execution.
  • Obfuscation: The use of base64 encoding and decoding is common for various purposes but may indicate an attempt to obscure code logic.
  • Credentials: No clear evidence of credential harvesting patterns detected.
  • Metadata: The maintainer has a new or inactive account and lacks a proper author name, which raises some concerns but does not strongly indicate malicious intent.

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • try: response = httpx.post( url, content=request_bytes,
  • } response = httpx.post( self._url, json=entry,
  • ": self._token} with httpx.Client(timeout=self._timeout) as client: resp = client.

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • body = json.loads(base64.b64decode(body_b64)) except Exception as exc: # noqa: BLE001
  • else: raw = base64.b64decode(pub_raw) self._public_key_cache = raw retur

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • wn" try: result = subprocess.run( ["git", "rev-parse", "--short", "HEAD"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository aevum-labs/aevum appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aevum-core
Develop a mini-application called 'PolicySimulator' using the Python package 'aevum-core'. This application will simulate a simplified governance system where policies govern various actions within a virtual environment. The application should allow users to define policies, apply these policies to different contexts, and observe how these policies affect the outcomes of certain actions within the environment.

Key Features:
1. User Interface: Create a simple command-line interface for ease of use.
2. Policy Definition: Allow users to define policies as rules that govern specific actions. For example, a policy might state that users can only perform action X if they have permission Y.
3. Context Management: Implement a mechanism to manage different contexts within which policies are applied. Different contexts could represent different scenarios or environments.
4. Action Simulation: Simulate actions based on predefined inputs and observe how the defined policies influence the outcome of these actions.
5. Policy Evaluation: Provide functionality to evaluate the effectiveness of policies by simulating various scenarios and analyzing the results.

How to Utilize 'aevum-core':
- Use 'aevum-core' to establish the foundational structure of your virtual environment. It provides the replay-first, policy-governed context kernel necessary for managing and enforcing policies across different contexts.
- Leverage 'aevum-core' to handle the replayability aspect, ensuring that every simulation can be reproduced under identical conditions for consistency and verification purposes.
- Employ 'aevum-core' to enforce policies across all actions taken within the simulated environment, making sure that no action violates the established rules.

Your task is to design and implement a fully-functional mini-application that not only demonstrates the capabilities of 'aevum-core' but also showcases its potential in real-world governance systems.