ai-code-quality-auditor

v0.2.0 suspicious
6.0
Medium Risk

Empirical Safety Harness for agentic AI coding systems. Scores AI-generated code on 5 metrics across 5 vendor conditions against one fixed spec.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk level due to high obfuscation risk and a newly established repository with limited activity, which raises concerns about its legitimacy and potential malicious intent.

  • High obfuscation risk due to use of 'eval(' and 'exec(',
  • New repository with minimal activity indicators.
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution patterns observed may be part of the package's intended functionality to run CLI commands.
  • Obfuscation: The presence of 'eval(' and 'exec(' suggests potential for code injection and obfuscation, which are often used maliciously.
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The repository is new with no activity indicators, raising suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 18 test file(s) found

  • Test runner config found: pyproject.toml
  • 18 test file(s) detected (e.g. test_analyzers.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/dominicrume/NEW-enterprise-ai-code-qualit
  • Detailed PyPI description (3099 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 80 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 17 commits in dominicrume/NEW-enterprise-ai-code-quality-auditor
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • ms(): for marker in ("eval(", "exec("): if marker in content:
  • l, password):\n" " eval(email)\n" " return True\n" ), } def test_no
  • ssert ok is False assert "eval(" in ev def test_secrets_detector_catches_openai_key():
  • **CLEAN_FILES, "app/bad.py": "eval(x)\n"}} verdict = cc.evaluate_from_spec({"files": mixed[
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • 00) -> list[dict]: proc = subprocess.run( [cli, "run", "--prompt", prompt, "--format", "jsonl
  • ng JSON output.""" proc = subprocess.run( [cli, "-p", prompt, "--output-format", "stream-json
  • 00) -> list[dict]: proc = subprocess.run( [cli, "-p", "--output-format", "stream-json", "--fo
  • 00) -> list[dict]: proc = subprocess.run( [cli, "agent", "run", "--prompt", prompt, "--stream
  • return [] proc = subprocess.run( ["bandit", "-r", str(scan_dir), "-f", "json", "-q"]
  • rocess\nsubprocess.call('ls', shell=True)\n"}, "manifest": []} score = security_analy
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 7 day(s) ago (2026-05-30T20:06:57Z)

  • Repository created very recently: 7 day(s) ago (2026-05-30T20:06:57Z)
  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-code-quality-auditor 
Build a simple Python application using the ai-code-quality-auditor package to demonstrate its core features.