Package Metadata

Author: Tham Tra
Email: —
PyPI: agora-etl
Python: >=3.11
Versions: 14 releases
First release: 23 May 2026, 16:19 UTC
Analysed: 06 Jun 2026, 13:11 UTC
Source files: 62 .py files scanned

Project Links

BugTracker Documentation Homepage Repository

Classifiers

Development Status :: 3 - AlphaFramework :: AsyncIOIntended Audience :: DevelopersLicense :: OSI Approved :: Apache Software LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Software Development :: Libraries :: Python Modules

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to shell execution capabilities and some level of obfuscation. While there's no direct evidence of malicious intent, these features warrant further investigation.

Shell risk detected
Moderate obfuscation

Per-check LLM notes

Network: No network calls detected, which is normal unless the package requires external services.
Shell: Detection of shell execution suggests potential for running arbitrary code, indicating possible security concerns.
Obfuscation: The obfuscation pattern detected seems to be related to internal method calls and does not inherently indicate malicious activity.
Credentials: No credential harvesting patterns were detected in the provided code snippet.
Metadata: The author has only one package, which might indicate a new or less active account, but no other suspicious activities are flagged.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

Test runner config found: pyproject.toml
Test runner config found: pyproject.toml
2 test file(s) detected (e.g. test_transforms.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://www.agora.my-working.com/
Detailed PyPI description (6030 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
323 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

1 unique contributor(s) across 27 commits in thanhtham010891/agora-etl
Single author but highly active (27 commits)

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

test_file_etl") .pipe(__import__("agora").MapMiddleware(transform, name="normalise")) .build(

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

ter() try: proc = subprocess.run( [sys.executable, "-c", script], cap

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository thanhtham010891/agora-etl appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Tham Tra" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with agora-etl

Create a mini-data processing application called 'DataMorpher' using the Python package 'agora-etl'. This application will serve as a versatile tool for transforming and enriching datasets from various sources. Here’s a detailed plan on how to build it:

1. **Project Setup**: Initialize your Python environment and install the necessary packages including 'agora-etl'. Consider also installing additional libraries like pandas for data manipulation and requests for API interactions.
2. **Define Data Sources**: Identify different types of data sources you want to support. These could include CSV files, SQL databases, and web APIs. Use 'agora-etl' to define connectors for each source type.
3. **Data Extraction**: Implement functions within 'DataMorpher' to extract data from these sources using the connectors defined in step 2. Ensure that the extraction process is asynchronous to handle large volumes of data efficiently.
4. **Transformation Pipeline**: Design a series of transformation steps that can be applied to the extracted data. These transformations might include filtering, aggregation, joining datasets, or applying custom logic. Utilize 'agora-etl'’s capabilities to chain these operations together in an efficient manner.
5. **Data Enrichment**: Integrate external data enrichment services (such as weather APIs or financial market data feeds) into the pipeline. This will require setting up additional connectors and ensuring that the enriched data is merged appropriately with the original dataset.
6. **Output Options**: Provide options for the user to output the transformed data in various formats such as CSV, JSON, or back into a database. Use 'agora-etl' to manage these output processes seamlessly.
7. **User Interface**: Develop a simple command-line interface (CLI) where users can specify input and output parameters, choose transformation pipelines, and run the data processing tasks. Make sure the CLI is intuitive and provides feedback on the progress of the tasks.
8. **Testing and Validation**: Create test cases to validate that the data transformations are working correctly and that the application handles edge cases gracefully. Use unit tests and integration tests to ensure reliability.
9. **Documentation and Deployment**: Write comprehensive documentation for both developers and end-users. Include examples and best practices for extending the functionality of 'DataMorpher'. Finally, prepare a deployment guide for running 'DataMorpher' in different environments.

By following these steps, you'll have developed a powerful yet easy-to-use tool for handling complex data processing tasks using the async-first approach provided by 'agora-etl'.