aicode-verify

v0.2.0 suspicious
6.0
Medium Risk

Semantic checker for AI-generated Python code.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package contains significant risks due to obfuscation techniques and potential shell injection vulnerabilities, despite having no direct evidence of malicious intent or network activity.

  • High obfuscation risk due to use of eval
  • Potential for shell injection via subprocess.run with shell=True

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Detection of subprocess.run with shell=True indicates potential for code injection and should be reviewed carefully.
  • Obfuscation: The use of eval and subprocess.run with shell=True indicates potential for code injection and execution, which is risky.
  • Credentials: No direct credential harvesting patterns detected, but the presence of hard-coded secrets is concerning.
  • Metadata: The maintainer has only one package and no associated GitHub repository, which could indicate a new or less active developer.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • Test runner config found: pyproject.toml
  • 5 test file(s) detected (e.g. test_cli.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4960 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 45 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ess password = "super-secret" eval("1 + 1") subprocess.run("echo hi", shell=True) """ )

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • a list of arguments instead: subprocess.run(['cmd', 'arg'])", ) )
  • suggestion="Use subprocess.run([...], shell=False)", ) )
  • "super-secret" eval("1 + 1") subprocess.run("echo hi", shell=True) """ ) assert any("code injec
  • message="subprocess with shell=True enables shell injection", suggestio
  • 1") subprocess.run("echo hi", shell=True) """ ) assert any("code injection" in message for
  • age in found) assert any("shell=True" in message for message in found) def test_rule_ids_are_s

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Shrajesh" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aicode-verify:

Create a desktop application using Python and Tkinter that acts as an AI Code Verifier. This application will allow users to input Python code snippets directly into the GUI and receive feedback on the semantic correctness of the code. Utilize the 'aicode-verify' package to perform the verification process.

Steps to follow:
1. Set up the basic structure of the application using Tkinter.
2. Design the GUI to include an area for code input, a button to trigger the verification process, and an output area to display results.
3. Implement a function that takes the user's input code and passes it through the 'aicode-verify' package.
4. Capture the feedback from 'aicode-verify' and display it in the output area of the GUI.
5. Enhance the application by adding features such as saving the verified code snippets, loading previous sessions, and allowing the user to choose between different levels of verification detail.
6. Ensure the application handles exceptions gracefully and provides meaningful error messages.
7. Test the application thoroughly to ensure it works as expected with various types of Python code.

Suggested Features:
- A history tab to view previously verified code snippets.
- An option to export verification reports.
- Support for multiple languages, though initially focus on Python.
- Integration with popular code editors via plugins (optional).
- User-friendly interface with clear instructions and examples.