ai-provider-watch

v0.1.0 suspicious
4.0
Medium Risk

Open provider-change event feed for AI platform teams and agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some signs of potentially risky behavior, particularly concerning its use of shell commands and newness without community engagement. However, there is no clear evidence of malicious intent.

  • Shell risk due to execution of Git and other commands
  • Low community engagement and new package

Per-check LLM notes
  • Network: The network calls observed seem to be making HTTP requests, which could be part of the intended functionality if the package interacts with external services.
  • Shell: The shell execution patterns include running Git and other commands, which might be necessary for version control or building processes but could also indicate risky behavior if not properly controlled.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret or credential theft.
  • Metadata: The repository and package are very new with no community engagement, indicating potential risk.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 19 test file(s) found

  • Test runner config found: pyproject.toml
  • 19 test file(s) detected (e.g. test_action_metadata.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (10271 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 255 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 40 commits in ottto-ai/ai-provider-watch
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • rceObservation: request = urllib.request.Request(source.url, headers={"User-Agent": USER_AGENT})
  • place("+00:00", "Z") with urllib.request.urlopen(request, timeout=timeout) as response: raw =

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ne: try: result = subprocess.run( ["git", *args], cwd=root,
  • }, ] result = subprocess.run( [sys.executable, "-m", "ai_provider_watch.mcp.serve
  • e: import subprocess subprocess.run(["uv", "build", "--wheel", "--out-dir", str(tmp_path)], cwd=
  • _files(tmp_path) -> None: subprocess.run(["git", "init"], cwd=tmp_path, check=True, capture_output=Tr
  • pw/\n", encoding="utf-8") subprocess.run(["git", "add", ".gitignore"], cwd=tmp_path, check=True, capt
  • rue, capture_output=True) subprocess.run( [ "git", "-c",

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags:

  • Repository created very recently: 6 day(s) ago (2026-05-31T16:47:35Z)
  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Package is very new: uploaded 2 day(s) ago
  • Author "AI Provider Watch maintainers" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-provider-watch

Develop a real-time monitoring tool for AI platform teams using the 'ai-provider-watch' Python package. This tool will allow users to subscribe to and monitor changes in AI service providers in real time. The application should have the following features:

1. **Subscription Management**: Users should be able to subscribe to specific AI providers they are interested in.
2. **Real-Time Alerts**: When there are changes in the subscribed providers, such as updates, downtimes, or new services, the application should send real-time alerts via email or SMS.
3. **Historical Data Logging**: Maintain logs of all events for each provider for future reference.
4. **Dashboard Interface**: Provide a web-based dashboard where users can view current statuses, historical logs, and manage their subscriptions.
5. **Customizable Notifications**: Allow users to customize the type of notifications they receive based on the severity of the event (e.g., major update, minor update, downtime).
6. **API Integration**: Offer an API for third-party tools or other applications to integrate with the monitoring system.
7. **Security Features**: Ensure that user data and notifications are securely transmitted and stored.

To achieve these features, you'll need to utilize the 'ai-provider-watch' package to handle subscriptions and event feeds from AI providers. Specifically, use its capabilities to open provider-change event feeds, process incoming events, and trigger appropriate actions based on the event type. Additionally, implement backend logic to manage subscriptions, handle notifications, and maintain logs. For the frontend, develop a responsive and intuitive web interface using modern web technologies.