Package Metadata

Author: —
Email: 0error-ob <[email protected]>
PyPI: ai-eng-audit
Python: >=3.11
Versions: 9 releases
First release: 27 May 2026, 10:40 UTC
Analysed: 06 Jun 2026, 14:13 UTC
Source files: 18 .py files scanned

Project Links

Documentation Homepage Issues Repository

Classifiers

Development Status :: 4 - BetaEnvironment :: ConsoleIntended Audience :: DevelopersIntended Audience :: Information TechnologyLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential credential harvesting and suspicious metadata activity, though network and shell risks are relatively lower.

credential risk 7/10
metadata risk 7/10

Per-check LLM notes

Network: The network call patterns suggest the package might be fetching data from external sources, which could be normal if it's part of its functionality, but requires further investigation to ensure legitimacy and security.
Shell: Executing shell commands like 'git' can be necessary for version control operations within a package, but it also poses a risk if not properly sanitized or controlled, potentially leading to unauthorized actions.
Obfuscation: No obfuscation patterns were detected in the provided code snippet.
Credentials: The code attempts to retrieve a GITHUB_TOKEN from environment variables and raises an error if it's not found, which could indicate potential credential harvesting behavior.
Metadata: Suspicious activity around the git repository and maintainer history suggests potential malicious intent.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

5 test file(s) detected (e.g. test_annotations.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://github.com/0error-ob/ai-eng-audit/blob/main/docs/met
Detailed PyPI description (5569 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

58 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

1 unique contributor(s) across 3 commits in 0error-ob/ai-eng-audit
Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

while url: req = urllib.request.Request( url, headers={
try: with urllib.request.urlopen(req, timeout=30) as resp: body = res

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

gs: str) -> str: result = subprocess.run( ["git", "-C", str(repo), *args], capture_ou
r]: try: result = subprocess.run( ["git", "-C", str(repo), "remote", "get-url", "

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

""" token = token or os.environ.get("GITHUB_TOKEN") if not token: raise PRScanError(

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

Repository has zero stars and zero forks
Single contributor with only 3 commit(s) — possibly throwaway account
All 3 commits happened within 24 hours

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-eng-audit

Create a mini-application called 'AI-Eng-CostTracker' using the Python package 'ai-eng-audit'. This application should help software teams track their AI-related expenses in relation to their engineering productivity. The application should have the following functionalities:

1. **Data Input**: Users should be able to input monthly AI spending data and engineering throughput metrics (e.g., number of lines of code written, number of bugs fixed, etc.).
2. **Data Storage**: The application should store this information locally in a structured format like a CSV file or SQLite database.
3. **Visualization**: Utilize 'ai-eng-audit' to plot AI spending against engineering throughput over time. Visualizations should include graphs showing trends, correlations, and any notable spikes or drops in either metric.
4. **Report Generation**: Provide a feature to generate a monthly report summarizing the data and insights derived from the visualizations.
5. **CLI Interface**: Ensure the application has a user-friendly command-line interface (CLI) that guides users through the process of inputting data and viewing reports.
6. **Customization Options**: Allow customization of the visualization style and the types of metrics tracked (e.g., adding new metrics such as AI training time or model accuracy).
7. **Security**: Implement basic security measures to protect stored data, especially if sensitive financial information is being handled.

Your task is to design and implement this application from scratch, making sure to leverage 'ai-eng-audit' for the visualization component. Additionally, provide clear documentation on how to install and use the application.