ai-provider-tracker

v0.7.5 suspicious
4.0
Medium Risk

Unified usage and cost tracking for AI providers such as FAL.AI and OpenRouter.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows low risk in terms of network, shell, obfuscation, and credential risks. However, the metadata risk is moderately high due to the maintainer having only one package and the absence of a linked git repository.

  • Metadata risk is elevated
  • No associated git repository
Per-check LLM notes
  • Network: The use of aiohttp for making network calls is common and expected for packages that interact with external services.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package and the git repository is not found, which raises some suspicion but does not definitively indicate malice.

πŸ“¦ Package Quality Overall: Low (3.2/10)

β—‹ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
β—ˆ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/luisfarfan/ai-provider-tracker#readme
  • Detailed PyPI description (3766 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 88 type-annotated function signatures detected in source
β—‹ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • try: async with aiohttp.ClientSession(timeout=self.timeout) as session: async with
βœ“ Code Obfuscation

No obfuscation patterns detected

βœ“ Shell / Subprocess Execution

No shell execution patterns detected

βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Luis Eduardo Farfan Melgar" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with ai-provider-tracker 
Create a mini-application named 'AIUsageMonitor' using Python that leverages the 'ai-provider-tracker' package to track the usage and costs of various AI services like FAL.AI and OpenRouter. This application will serve as a dashboard for developers to monitor their API calls and expenses in real-time. Here’s how you can structure your project:

1. **Setup**: Begin by installing the necessary packages including 'ai-provider-tracker'. Ensure your environment is set up correctly.
2. **Configuration**: Allow users to configure the application by providing API keys and specifying which AI providers they want to monitor.
3. **Tracking Mechanism**: Implement a background process that periodically checks the usage statistics and costs from each provider's API. Use 'ai-provider-tracker' to unify these data points into a single, easy-to-understand format.
4. **User Interface**: Develop a simple web interface where users can log in and view their current usage and estimated costs for the month. Include graphs and charts to visualize trends over time.
5. **Alerts & Notifications**: Integrate email alerts when certain thresholds are reached (e.g., if the estimated monthly cost exceeds a predefined amount).
6. **Security Measures**: Ensure that all sensitive information such as API keys are stored securely. Consider using environment variables or a secure vault service.
7. **Documentation**: Provide comprehensive documentation on how to install, configure, and use 'AIUsageMonitor'. Include examples and best practices.

Remember, the goal is to make it easy for developers to stay within budget while leveraging multiple AI services. Utilize 'ai-provider-tracker' effectively to streamline the process of aggregating and presenting usage data.