ai-cli-runner

v0.5.0 suspicious
6.0
Medium Risk

Shared async Python package for calling AI CLI tools (Claude, Gemini, Cursor) via subprocess

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks across network and shell operations, with incomplete metadata suggesting possible lack of maintenance. While it may not necessarily indicate malicious intent, the combination of these factors raises concerns about its safety.

  • Substantial shell risk due to subprocess execution without clear sanitization.
  • Incomplete metadata and low maintainer activity.
Per-check LLM notes
  • Network: The use of async httpx.Client suggests legitimate network requests, possibly for API interactions or fetching resources.
  • Shell: Subprocess execution can be risky if not properly sanitized or controlled, potentially leading to command injection vulnerabilities.
  • Metadata: The package shows signs of low maintainer effort and incomplete metadata, raising suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (3.6/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 8 test file(s) detected (e.g. conftest.py)
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 135 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • y: async with httpx.AsyncClient(timeout=30) as client: response = await
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • found. """ process = subprocess.Popen( cmd, cwd=cwd, stdin=subprocess.PIPE
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-cli-runner 
Your task is to create a versatile command-line interface (CLI) tool named 'AICommander' using Python, which leverages the 'ai-cli-runner' package to interact with multiple AI services such as Claude, Gemini, and Cursor. This tool will allow users to query these AI services directly from their terminal, providing a unified interface to access diverse AI capabilities. Here’s a detailed breakdown of the steps and features you need to implement:

1. **Setup**: Begin by installing the necessary packages, including 'ai-cli-runner'. Ensure your environment is set up to handle asynchronous operations due to the nature of the AI services.

2. **Configuration Management**: Develop a configuration file where users can specify the API keys and endpoints for the AI services they wish to use. This allows for easy management and switching between different services.

3. **Core Functionality**: Implement the main function of 'AICommander', which takes user input, routes it to the appropriate AI service based on the configuration, and returns the response. Utilize 'ai-cli-runner' to call these services asynchronously, ensuring smooth operation even when dealing with slower services.

4. **Feature Enhancements**:
   - **History Log**: Maintain a log of all queries and responses for each session or globally, allowing users to review past interactions.
   - **Custom Prompts**: Allow users to customize the prompts sent to AI services, enhancing the interaction and tailoring responses to specific needs.
   - **Error Handling**: Implement robust error handling to manage issues like invalid inputs, service unavailability, or API rate limits gracefully.

5. **User Interface**: Design a clean and intuitive CLI interface that supports basic commands like 'query', 'history', and 'config'. Consider adding autocomplete functionality for easier usage.

6. **Documentation**: Provide comprehensive documentation covering installation, configuration, and usage examples. Include a section explaining how 'ai-cli-runner' integrates into 'AICommander' to facilitate communication with AI services.

By following these guidelines, you'll create a powerful yet user-friendly tool that showcases the versatility and power of integrating multiple AI services through a single, cohesive interface.