ai-monitor-cli

v0.1.0 suspicious
6.0
Medium Risk

Drop-in httpx hook that reports LLM token usage to the AI Monitor backend

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits signs of potential misuse with moderate network activity and lacks critical metadata details such as maintainer history and author information.

  • moderate network risk
  • missing maintainer history and author information
Per-check LLM notes
  • Network: The presence of network calls suggests the package might be designed to report usage or interact with a service, but further investigation is needed to confirm its legitimacy and purpose.
  • Shell: No shell execution patterns were detected, indicating a lower risk in this area.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating secure handling of secrets.
  • Metadata: The package shows signs of low effort and could be suspicious due to the lack of a maintainer history and missing author information.

📦 Package Quality Overall: Low (2.0/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 7 type-annotated function signatures (partial)
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • is None: _reporter = httpx.Client() return _reporter def _detect_provider(host: str) ->
  • ) -> httpx.Client: return httpx.Client(event_hooks={"response": [on_response_hook]}) import json
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-monitor-cli 
Create a Python-based CLI tool named 'AIUsageTracker' that integrates with the 'ai-monitor-cli' package to monitor and report token usage from various LLM APIs such as OpenAI and Anthropic's Claude. This tool will allow users to send queries through these APIs and track their token consumption in real-time. The application should have the following functionalities:

1. **API Configuration**: Users should be able to configure different API keys and endpoints for OpenAI and Anthropic's Claude.
2. **Query Sending**: Implement a feature that allows users to send text queries to both APIs and receive responses.
3. **Token Usage Tracking**: Use 'ai-monitor-cli' to automatically track and report token usage for each query sent to the LLMs. Ensure that the tracking data includes timestamp, query content, response content, and token counts.
4. **Reporting**: Provide a summary of token usage over time, including daily, weekly, and monthly usage statistics. This can be presented in a simple text format or saved into a CSV file for further analysis.
5. **Security Measures**: Ensure that API keys are securely stored and not exposed in any logs or output.
6. **User Interface**: Design a clean and user-friendly command-line interface that guides users through the configuration process and provides clear feedback on the status of their queries and token usage.
7. **Customization Options**: Allow users to customize reporting intervals and formats, such as setting up alerts when certain thresholds of token usage are reached.
8. **Help Documentation**: Include comprehensive help documentation within the CLI tool that explains how to use all features and troubleshoot common issues.

The 'ai-monitor-cli' package will be utilized primarily for its ability to seamlessly integrate with HTTP requests made to LLM APIs, thereby automating the process of tracking token usage without requiring manual intervention. Additionally, it will ensure that all necessary data is reported accurately and efficiently to the AI Monitor backend, providing users with valuable insights into their AI service costs and usage patterns.