AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risks, particularly concerning shell execution and direct API key handling, which could be exploited for malicious activities.
- High shell risk due to potential misuse of shell=True
- Moderate credential risk from direct API key request
Per-check LLM notes
- Network: Network calls seem to be for authentication and API usage, which is common for SDKs but should be reviewed for legitimacy.
- Shell: Shell executions may indicate the package performs system checks or tool management, but running commands via shell=True poses a high risk of misuse.
- Obfuscation: The obfuscation pattern is not typical of secure coding practices but may be used for benign purposes such as avoiding code readability for non-users.
- Credentials: Directly requesting an API key via getpass indicates potential risk for credential harvesting unless explicitly stated for legitimate purposes like configuration or initialization.
- Metadata: The author has only one package, which may indicate a new or less active account, but no other red flags were identified.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
Matched snippets (truncated extraction windows, one per match):
) response = httpx.get( PYPI_URL, timeout=5.0, )
""" try: with httpx.Client(timeout=NETWORK_TIMEOUT) as client: response = c
auth needed) with httpx.Client(timeout=60.0) as http_client: response = http
ler auth) response = httpx.get( "https://api.affinity.co/auth/whoami",
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
Matched snippet (truncated extraction window):
' else: script = "eval (env _XAFFINITY_COMPLETE=fish_source xaffinity)\n" if ct
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
Matched snippets (truncated extraction windows, one per match):
.0 try: result = subprocess.run( cmd, shell=True, captur
try: result = subprocess.run( ["pipx", "list", "--short"],
try: result = subprocess.run( ["uv", "tool", "list"], cap
CESS = 0x00000008 subprocess.Popen( cmd, stdout=subprocess.DEVN
ach from terminal subprocess.Popen( cmd, stdout=subprocess.DEVN
stdout as the API key. ``shell=True`` is intentional and matches established conventions in
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
pe)[/dim]") api_key = getpass.getpass(prompt="API Key: " if human_output else "").strip()
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository yaniv-golan/affinity-sdk appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Yaniv Golan" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with affinity-sdk
Your task is to create a command-line tool using Python that integrates with the Affinity CRM system through the 'affinity-sdk' package. This tool will allow users to manage their contacts more efficiently by providing a suite of operations on contact data. Here's a detailed breakdown of what your tool should do and how it should work:

1. **Setup**: Begin by installing the 'affinity-sdk' package via pip. Ensure you have access to your Affinity API credentials.
2. **Authentication**: Implement a secure method to authenticate with the Affinity API using your credentials. This could involve storing the credentials securely or prompting the user for them each time the tool is run.
3. **Main Menu**: Design a main menu with options such as adding new contacts, updating existing contacts, deleting contacts, listing all contacts, searching for specific contacts, and exiting the program.
4. **Adding Contacts**: Allow users to add new contacts by specifying required fields like name, email, and phone number. Validate these inputs before sending them to the Affinity API.
5. **Updating Contacts**: Provide functionality to update existing contacts based on unique identifiers (e.g., email). Users should be able to modify any field of the contact.
6. **Deleting Contacts**: Enable users to delete contacts by providing the identifier of the contact they wish to remove.
7. **Listing Contacts**: Display all contacts in a readable format, possibly paginated if there are many contacts.
8. **Searching Contacts**: Implement a search feature where users can find contacts based on partial names or other fields.
9. **Error Handling**: Make sure to handle errors gracefully, informing the user about issues like invalid inputs, network problems, or API rate limits.
10. **Logging**: Optionally, implement logging to record actions taken by the tool, which could be useful for debugging or auditing purposes.
Each feature should utilize the 'affinity-sdk' package effectively to interact with the Affinity CRM system. Your goal is to create a robust, user-friendly tool that showcases the capabilities of the 'affinity-sdk' package.