ai-dev-cli

v0.2.0 suspicious
6.0
Medium Risk

Standalone development workflow CLI for Python projects

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high obfuscation risk and is maintained by an account with limited activity, indicating potential malicious intent. However, there is no direct evidence of harmful behavior such as network calls or credential harvesting.

  • High obfuscation risk (7/10) - attempts to evade detection or analysis.
  • Maintainer has limited activity, raising suspicion.
Per-check LLM notes
  • Network: No network calls detected, which is normal and expected.
  • Shell: Shell execution may be used to check system status or dependencies, but requires further investigation into the context and commands executed.
  • Obfuscation: The use of obfuscation to block __import__ suggests an attempt to evade detection or analysis, which is suspicious.
  • Credentials: No clear patterns of credential harvesting were detected, but continued monitoring is advised.
  • Metadata: The package is new and maintained by an account with limited activity, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 37 test file(s) found

  • Test runner config found: conftest.py
  • 37 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3535 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 324 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ssage=( "BLOCKED: __import__() command snippets can hide protected tool invocations. "
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • und" try: proc = subprocess.run(argv, capture_output=True, timeout=COMMAND_TIMEOUT_SECONDS,
  • .flush() result = subprocess.run( full_cmd, stdout=f,
  • try: result = subprocess.run(version_cmd, capture_output=True, text=True, timeout=10, che
  • tr: try: result = subprocess.run( ["uv", "pip", "list", "--format", "json"],
  • t.load_config() result = subprocess.run( ["git", "diff", "--name-only", "HEAD"], cap
  • e == 0 else [] result2 = subprocess.run( ["git", "ls-files", "--others", "--exclude-standard
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "ai-dev-cli contributors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-dev-cli 
Create a mini-application called 'AI Project Manager' that leverages the 'ai-dev-cli' Python package to streamline the development process of AI projects. This application should allow users to easily set up, manage, and deploy AI projects using a command-line interface (CLI). The 'AI Project Manager' should include the following core functionalities:

1. **Project Initialization**: Users should be able to initialize a new AI project by specifying the type of project (e.g., machine learning, deep learning), framework (e.g., TensorFlow, PyTorch), and additional dependencies. The 'ai-dev-cli' package will handle the setup of the project structure, necessary libraries, and configuration files.
2. **Environment Management**: The application should allow users to create, activate, and deactivate virtual environments specific to each project. It should also provide options to update and manage dependencies within these environments using the 'ai-dev-cli'.
3. **Code Generation**: Implement a feature that generates boilerplate code based on the selected project type and framework. For example, if a user selects a TensorFlow-based machine learning project, the application should generate a basic directory structure including data preprocessing scripts, model training scripts, and evaluation scripts.
4. **Deployment Options**: Integrate deployment capabilities that allow users to push their projects to cloud platforms such as AWS, Google Cloud, or Azure. The 'ai-dev-cli' should facilitate the packaging of the project and handling of deployment configurations.
5. **Documentation Generation**: Automatically generate documentation for the project based on the codebase and comments provided by the user. This could include API documentation, setup instructions, and usage guides.
6. **Version Control Integration**: Enable users to integrate their projects with version control systems like Git. The application should support committing changes, pushing to remote repositories, and pulling updates from remote repositories.

In addition to the above features, the application should have a clean and intuitive CLI interface, providing clear prompts and feedback at every step. The 'ai-dev-cli' package will be utilized extensively throughout the application to automate tasks, manage workflows, and ensure consistency across different stages of project development.