ai-config-cli

v0.5.0 suspicious
4.0
Medium Risk

Declarative plugin manager for Claude Code

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to its interaction with system commands and use of base64 decoding. While there is no strong evidence of malicious intent, the low maintainer activity raises concerns about its reliability and future security updates.

  • moderate shell execution risk
  • potential obfuscation via base64 decoding

Per-check LLM notes
  • Network: The network call pattern suggests the package might be fetching external configurations or updates, which is not inherently suspicious but should be reviewed for legitimacy.
  • Shell: The shell execution patterns indicate the package may interact with system commands or other installed tools like 'claude'. This could be legitimate for CLI tool management but requires further investigation to ensure it's not being misused.
  • Obfuscation: The use of base64 decoding suggests potential obfuscation, but it could also be used for legitimate purposes such as handling encrypted configuration files.
  • Credentials: No clear evidence of credential harvesting is present, though the presence of transformations on environment values warrants further investigation.
  • Metadata: The repository's lack of engagement and the maintainer's limited activity suggest potential unreliability, but there are no clear signs of malicious intent.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 23 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 23 test file(s) detected (e.g. test_in_docker.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://safurrier.github.io/ai-config/
  • Detailed PyPI description (7765 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 519 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 18 commits in safurrier/ai-config
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • try: response = requests.get(url, timeout=10) if response.status_code == 200:

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • for BinaryFile.""" return base64.b64decode(file.content_b64) def _transform_env_value(value: str, tar

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • """ try: result = subprocess.run( ["claude", "--version"], capture_ou
  • rgs try: result = subprocess.run( cmd, capture_output=True,
  • try: result = subprocess.run( ["claude", "--version"], ca
  • try: result = subprocess.run( ["claude", "plugin", "list", "--json"],
  • """ try: result = subprocess.run( ["docker", "info"], capture_output=
  • , "--no-cache") result = subprocess.run(cmd) return result.returncode def run_tests( image

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-config-cli
Create a mini-application called 'ClaudeCodeKit' that leverages the 'ai-config-cli' package to manage and configure plugins for a development environment tailored specifically for Claude Code users. This application should allow users to easily install, update, and uninstall plugins, as well as manage configurations for these plugins without diving into complex setup procedures.

Key Features:
- Plugin Installation: Users should be able to install plugins from a curated list of popular and useful tools for Claude Code.
- Configuration Management: The app should allow users to configure each plugin according to their preferences, such as setting up API keys or adjusting performance settings.
- Update Mechanism: Implement an automatic update feature that checks for updates on installed plugins and prompts the user to update if new versions are available.
- Uninstallation Feature: Provide a straightforward way for users to remove plugins they no longer need.
- Backup and Restore: Include functionality to back up current configurations and restore them if needed.

How to Utilize 'ai-config-cli':
- Use 'ai-config-cli' to define and manage the declarative configuration files that specify how each plugin should be set up.
- Leverage the package's capabilities to automate the installation, updating, and uninstallation processes based on these configurations.
- Ensure that all interactions with the plugins are done through the 'ai-config-cli', making the entire process seamless for the end-user.