ai-code-marker

v0.1.6 safe
3.0
Low Risk

Git hook helpers for recording AI-assisted code attribution.

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal risk, with no network calls, no obfuscation, and no credential harvesting. The only concerns are low maintainer activity and the use of git commands, which could be risky if misused.

  • Low maintainer activity
  • Git commands execution

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Git commands execution might be part of version control operations but could pose a risk if misused.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: Low maintainer activity and missing author details suggest potential low-quality or malicious intent.

📦 Package Quality Overall: Low (3.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_ai_code_marker.py)

○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 33 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • s: str) -> str: result = subprocess.run( ["git", *args], check=True, text
  • etedProcess[str]: return subprocess.run( ["git", "-C", str(repo_root), *args], che
  • =True, env=None): return subprocess.run( cmd, cwd=cwd, check=check,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-code-marker
Create a mini-application named 'AIAttributionTracker' using Python and the 'ai-code-marker' package. This tool will help developers track the use of AI-generated code snippets in their projects, ensuring proper attribution and compliance with ethical guidelines. Here’s a detailed plan on how to implement it:

1. **Setup Project Environment**: Initialize a new Python project and install the necessary packages including 'ai-code-marker'.
2. **Define Core Functionality**: Implement functions to identify AI-generated code segments within files. These functions should be able to parse comments or metadata tags where the usage of AI assistance is noted.
3. **Integrate Git Hooks**: Use 'ai-code-marker' to set up pre-commit hooks that check for the presence of AI attribution before committing changes to the repository. If AI-generated code is detected without proper attribution, the commit should be blocked.
4. **Develop User Interface**: Create a simple command-line interface (CLI) that allows users to interact with the application. Commands could include adding, removing, or listing AI attributions.
5. **Enhanced Features**:
   - **Automated Detection**: Develop machine learning models to automatically detect AI-generated code based on patterns and styles.
   - **Notification System**: Integrate email or Slack notifications when AI attributions are added or removed.
   - **Analytics Dashboard**: Provide insights into the frequency and type of AI usage in the project over time.
6. **Documentation**: Write comprehensive documentation explaining how to install and use 'AIAttributionTracker', including examples and best practices for ethical AI code usage.
7. **Testing and Validation**: Ensure all functionalities work as expected through thorough testing. Include unit tests for each function and integration tests for the entire workflow from detection to commit blocking.
8. **Deployment**: Prepare a deployment strategy to make 'AIAttributionTracker' available for other developers to use. Consider packaging it as a pip-installable package.

This project not only leverages the capabilities of 'ai-code-marker' but also encourages responsible AI usage in software development.