AI Analysis
The package exhibits potential risks related to credential management and low maintainer activity, which raises concerns about its legitimacy and security. Additionally, it seems to be a typosquatting attempt targeting a popular package.
- Credential risk due to retrieval of GitHub token
- Low maintainer activity and poor metadata quality
- Suspected typosquatting
Per-check LLM notes
- Network: The package appears to use HTTP requests asynchronously, which is common for fetching data or interacting with APIs, but should be reviewed for the destinations and data being sent.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected in the code.
- Credentials: The code attempts to retrieve a GitHub token from environment variables, which could be a legitimate action for interacting with GitHub APIs but also poses a risk of unauthorized access if not handled securely.
- Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising concerns about its legitimacy.
- ⚠ Typosquatting target: rich
Package Quality Overall: Low (3.8/10)
Partial test coverage signals detected
Test runner config found: pyproject.toml
Some documentation present
Detailed PyPI description (16664 chars)
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
407 type-annotated function signatures detected in source
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Found 4 network call pattern(s)
- try: async with httpx.AsyncClient( timeout=timeout, headers=headers,
- try: async with httpx.AsyncClient(timeout=timeout) as client: kw: dict[str, Any]
- try: async with httpx.AsyncClient(timeout=timeout_sec) as ac: r = await ac.post(
- uls", ) async with httpx.AsyncClient(timeout=timeout_sec, headers=headers) as ac: for u
No obfuscation patterns detected
No shell execution patterns detected
Found 2 credential access pattern(s)
- ons.github.token = ( os.environ.get("GITHUB_TOKEN", "") or os.environ.get("GH_TOKEN", "") or "" ).strip(
- _getgrnam** — POSIX only; no `/etc/shadow` (use OS tools if user insists). Do not log real passwords
Possible typosquat of: rich
"aicd" is 2 edit(s) from "rich"
No author email provided
All external links appear legitimate
No GitHub repository linked
No GitHub repository link found
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a Python-based utility named 'CodeDocGen' which leverages the 'aicd' package to generate comprehensive documentation from existing codebases. This tool aims to simplify the process of maintaining up-to-date documentation for developers and non-technical stakeholders alike. The utility should have the following functionalities:
1. **Codebase Analysis**: Utilize the 'aicd' package to analyze a given Python codebase and extract key information such as function names, parameters, return types, docstrings, and comments.
2. **Documentation Generation**: Based on the extracted information, generate markdown-formatted documentation files that include a table of contents, module summaries, detailed descriptions of functions and classes, and examples where applicable.
3. **Interactive Mode**: Implement an interactive mode where users can ask questions about specific parts of the codebase, and the 'aicd' package will provide detailed explanations and suggestions for improvement.
4. **Customization Options**: Allow users to customize the output format and style of the generated documentation, including options for adding custom headers, footers, and themes.
5. **Integration with Version Control Systems**: Enable integration with popular version control systems like Git to automatically update documentation whenever changes are made to the codebase.
6. **User-Friendly Interface**: Provide a simple command-line interface (CLI) that guides users through the process of setting up and using CodeDocGen.
7. **Error Handling and Logging**: Ensure robust error handling and logging mechanisms to help diagnose issues and improve user experience.
The project should demonstrate proficiency in using the 'aicd' package's capabilities for analyzing and documenting code, as well as integrating these functionalities into a cohesive and user-friendly application.