aicippy

v3.11.14 suspicious
6.0
Medium Risk

Enterprise-grade multi-agent CLI for Vibe Coding

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits elevated risks related to shell execution and credential handling, which could indicate potential misuse or unauthorized actions. However, without clear evidence of malicious intent, it remains suspicious rather than outright malicious.

  • High shell risk due to subprocess.run usage
  • Elevated credential risk with potential unauthorized access to keyring service

Per-check LLM notes
  • Network: Network calls to external hosts on port 443 and use of httpx library may be legitimate for API interactions, but require further investigation into the purpose and destinations.
  • Shell: Use of subprocess.run to execute pip commands might indicate package maintenance activities, but could also signify unauthorized system modifications, warranting a detailed code review.
  • Obfuscation: No signs of obfuscation techniques that could indicate malicious intent.
  • Credentials: The observed patterns suggest potential unauthorized access to credentials stored in the keyring service, indicating a high risk for credential harvesting.
  • Metadata: The package shows some red flags such as an absent author name and a single package on PyPI, indicating potential unreliability.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8194 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 501 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • d" conn = socket.create_connection( (auth_host, 443),
  • try: conn = socket.create_connection((host, 443), timeout=5) conn.close()
  • try: async with httpx.AsyncClient(timeout=10.0) as client: resp = await client
  • try: async with httpx.AsyncClient(timeout=30.0) as client: resp = await client
  • httpx POST.""" response = httpx.post(url, data=data, timeout=_EXCHANGE_TIMEOUT_SECONDS) respo
  • self._http_client = httpx.AsyncClient( timeout=HTTP_TIMEOUT_SECONDS,

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • upgrade_result = subprocess.run( [ sys.executable,
  • try: pip_ver = subprocess.run( [sys.executable, "-m", "pip", "--version"],
  • try: pip_up = subprocess.run( [ sys.executabl
  • install_result = subprocess.run( [ sys.executabl
  • get("EDITOR", "nano") subprocess.run([editor, str(config_file)], check=False) return
  • try: result = subprocess.run( [sys.executable, "-m", "pip", "show", "aici

Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • , missing D-Bus, etc. keyring.get_password(_PROBE_SERVICE, _PROBE_KEY) except KeyringError as e:
  • token_data = keyring.get_password(self._service, KEY_TOKENS) except Exception as e
  • ng user_id = keyring.get_password(self._service, KEY_USER_ID) email = keyring.
  • R_ID) email = keyring.get_password(self._service, KEY_USER_EMAIL) return user_i
  • try: return getpass.getpass(f" {label}: ") except (EOFError, KeyboardInterrupt)

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: aivibe.in

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aicippy
Create a mini-application called 'VibeSync' using the Python package 'aicippy'. This application will serve as a bridge between developers and their Vibe Coding environments, enabling seamless management of multiple coding projects across different agents. The application should include the following functionalities:

1. **Project Management**: Users should be able to create, delete, and manage multiple projects within their Vibe Coding environment.
2. **Agent Interaction**: The application should allow users to interact with various agents (e.g., local, cloud-based) through commands like 'start', 'stop', 'restart', and 'status'.
3. **Configuration Handling**: It must support configuration files for each project, allowing users to specify agent settings, such as preferred execution environments or custom parameters.
4. **Logging and Monitoring**: Implement logging capabilities to track interactions and status updates from the agents. Users should be able to view logs directly from the CLI or export them for further analysis.
5. **Security Features**: Integrate basic security measures, such as authentication for accessing sensitive operations and encryption for storing configuration files.
6. **User Interface**: Design a user-friendly CLI interface that guides users through common tasks and provides clear feedback on actions taken.
7. **Help and Documentation**: Include comprehensive help documentation accessible via CLI commands, detailing available options and best practices for using the application.

To utilize the 'aicippy' package, follow these steps:
- Import necessary modules from 'aicippy' at the beginning of your script.
- Use 'aicippy' functions to initialize connections with the agents.
- Implement command-line argument parsing to handle user inputs.
- Leverage 'aicippy' for executing commands on the agents and managing responses.
- Ensure error handling is robust, providing meaningful messages when issues arise.

By completing this project, you'll gain experience in developing enterprise-grade CLI applications while exploring the capabilities of the 'aicippy' package.