ai-act-conformity

v0.1.0 suspicious
6.0
Medium Risk

Scaffold EU AI Act Annex IV technical-documentation + FRIA templates with verbatim-cited regulatory text and a SHA-256-chained manifest.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low risks for network calls, shell execution, obfuscation, and credential harvesting. However, its low repository activity, single version release, and anonymous authorship raise concerns about possible malicious intent or supply-chain attack.

  • Low repository activity
  • Single version release
  • Anonymous author
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package's functionality requires external communications.
  • Shell: No shell execution patterns detected, indicating low risk of executing unauthorized commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository's low activity, single version release, and anonymous author suggest potential risks, indicative of a possibly malicious intent or supply-chain attack.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_manifest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8041 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 8 type-annotated function signatures (partial)
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 2 commits in plusultra-tools/ai-act-conformity-pack
  • Two distinct contributors found

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: proton.me

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Very few commits: 2 total
⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-act-conformity
Develop a mini-application named 'AIComplianceHelper' using the Python package 'ai-act-conformity'. This tool aims to simplify the process of generating technical documentation and risk assessment reports for AI systems according to the EU AI Act Annex IV guidelines. The application should have the following functionalities:

1. **User Input**: Allow users to input details about their AI system, such as system name, purpose, intended use cases, and key stakeholders.
2. **Regulatory Text Integration**: Automatically generate verbatim citations from the relevant sections of the EU AI Act Annex IV based on user inputs.
3. **FRIA Templates**: Provide pre-filled Fundamental Rights Impact Assessment (FRIA) templates tailored to the specifics of the user's AI system.
4. **SHA-256 Chained Manifests**: Ensure that each generated document includes a SHA-256 hash chain to maintain integrity and traceability of the documentation.
5. **Output Generation**: Produce a comprehensive PDF report that combines all the above elements, ready for submission to regulatory bodies.

The 'ai-act-conformity' package will be crucial in scaffolding the initial structure of the technical documentation and FRIA templates, integrating verbatim regulatory texts, and ensuring the integrity of the documents through SHA-256 chaining. Your task is to design and implement this application, providing clear instructions for its use and emphasizing the importance of compliance with the EU AI Act.