AI Analysis
Final verdict: SUSPICIOUS
The package has a moderate risk score due to its potential for network-based attacks and lack of historical metadata.
- network risk due to file downloads
- limited historical metadata
Per-check LLM notes
- Network: The package attempts to download files from URLs, which could be legitimate for updates or additional resources but requires scrutiny to ensure it's not downloading malicious content.
- Shell: No shell execution patterns detected, indicating lower risk of direct system command injection or execution.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
- Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret theft.
- Metadata: The package appears to be newly created with limited history and no associated GitHub repository, which raises some suspicion.
Package Quality Overall: Low (2.4/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
○ Low
Documentation
1.0
No documentation detected
No documentation URL, doc files, or meaningful description found
○ Low
Contributing Guide
4.0
No contributing guide or governance files found
Development Status classifier >= Beta
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
4 type-annotated function signatures (partial)
○ Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
rom {url}...') try: urllib.request.urlretrieve(url, archive_path) except Exception as e: #
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: tensorflow.org
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 4.0
2 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor "Google AI Edge Authors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with ai-edge-litert-sdk-intel
Develop a real-time object detection system using the Intel OpenVINO SDK for AI Edge LiteRT ('ai-edge-litert-sdk-intel') package. This application will allow users to detect objects in video streams in real-time, providing labels and bounding boxes around detected objects. The system will be designed to run on edge devices, making it suitable for applications where low latency and efficient resource utilization are critical.
Step 1: Set up your development environment with Python and install the 'ai-edge-litert-sdk-intel' package.
Step 2: Load a pre-trained model compatible with the SDK into memory.
Step 3: Create a video capture module that reads frames from either a webcam or a video file.
Step 4: Implement the object detection logic using the SDK's inference capabilities. Ensure that the model processes each frame efficiently.
Step 5: Display the processed frames with detected objects highlighted by bounding boxes and labeled appropriately.
Step 6: Add optional features such as saving the output video with detections, adjusting detection thresholds, or allowing users to select different models at runtime.
The application should demonstrate the power of the 'ai-edge-litert-sdk-intel' package in enabling efficient and real-time AI inference on edge devices. Users should be able to interact with the app through a simple graphical interface, which allows them to start/stop the detection process, change settings, and view results.