Package Metadata

Author: —
Email: AICoin Team <[email protected]>
PyPI: aicoin
Python: >=3.10
Versions: 10 releases
First release: 28 May 2026, 09:14 UTC
Analysed: 06 Jun 2026, 15:40 UTC
Source files: 34 .py files scanned

Project Links

Bug Tracker Documentation Homepage PyPI Repository

Classifiers

Development Status :: 3 - AlphaFramework :: AsyncIOIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Topic :: Scientific/Engineering :: Artificial IntelligenceTopic :: Software Development :: Libraries :: Python Modules

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several suspicious behaviors including potential credential harvesting, obfuscated code, and execution of shell commands which could indicate malicious intent or misuse. However, without concrete evidence of malicious activities, it cannot be conclusively classified as malicious.

credential risk
shell command execution
code obfuscation

Per-check LLM notes

Network: The network calls seem to be standard HTTP/WS requests which could be legitimate depending on the package's functionality.
Shell: Executing shell commands like 'nvidia-smi' and 'rustc --version' might be part of the package's intended functionality, but running arbitrary commands is risky and could indicate potential misuse.
Obfuscation: The obfuscation patterns suggest an attempt to hide code logic, which could be benign but raises suspicion for potential evasion of analysis.
Credentials: Direct handling and prompt for user input of password indicates risk of credential harvesting, especially with insufficient context provided for legitimate use.
Metadata: The maintainer's lack of activity and information raises some concerns, but there is no clear evidence of malicious intent.

📦 Package Quality Overall: Medium (7.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://github.com/ctz168/aicoin#readme
Detailed PyPI description (10385 chars)

◈ Medium Contributing Guide 7.0

Some contribution signals present

Governance file: governance.py

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
550 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

3 unique contributor(s) across 11 commits in ctz168/aicoin
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 7.5

Found 5 network call pattern(s)

self._client_session = aiohttp.ClientSession( connector=connector,
arer {token}" async with aiohttp.ClientSession() as session: async with session.request(method, url
t aiohttp async with aiohttp.ClientSession() as session: async with session.ws_connect(ws_u
async with aiohttp.ClientSession() as http_session: local
True self._session = aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=5)) # 启动同步 HTTP

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

hex(nonce_hex) full = base64.b64decode(ciphertext_b64) ciphertext = full[:-16] tag
code=True ) model_obj.eval() async def handle_completions(request): data =
vice) self.model.eval() # 计算模型大小 param_count = sum(p.nume
vice) self.model.eval() # 提取组件引用并释放不需要的层 logger.info("
# 加权随机选择 r = __import__("random").random() * total_weight cumulative = 0.0
numpy_arr = pickle.loads(zlib.decompress(data[2:])) elif first_byte == 0x00:

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

bprocess result = subprocess.run( ["nvidia-smi", "--query-gpu=name,memory.tot
t subprocess result = subprocess.run( ["nvidia-smi", "--query-gpu=memory.used", "--fo
try: result = subprocess.run( ["nvidia-smi", "--query-gpu=index,name,memo
""" try: result = subprocess.run( ["rustc", "--version"], capture_out
""" try: result = subprocess.run( ["cargo", "--version"], capture_out
""" try: result = subprocess.run( [sys.executable, "-m", "maturin", "--version"],

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

password = args.password or getpass.getpass("密码: ") if not email or not password: print("错误

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: proton.me>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Repository has zero stars and zero forks

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aicoin

Create a decentralized AI computing mini-application using the 'aicoin' package. This application will serve as a simple node manager for users to join the AICoin network, contribute their GPU/CPU resources, and earn AIC tokens for running AI inference tasks. Here’s a step-by-step guide on how to develop this mini-application:

1. **Setup Environment**: Begin by setting up your development environment. Ensure you have Python installed along with the necessary libraries and the 'aicoin' package.
2. **User Interface**: Develop a user-friendly interface where users can sign up/login to manage their node contributions and view their earned AIC tokens.
3. **Node Registration**: Implement a feature allowing users to register their computing nodes (with details like available GPU/CPU resources) to the AICoin network.
4. **Task Assignment**: Utilize the 'aicoin' package to assign AI inference tasks to registered nodes based on their resource availability and network requirements.
5. **Token Rewards**: Integrate token reward mechanisms where nodes are rewarded AIC tokens for successfully completing assigned tasks.
6. **Monitoring & Reporting**: Include functionalities to monitor task execution status and generate reports on resource usage and token earnings for each node.
7. **Security Measures**: Ensure all data transmissions are secure and implement measures to prevent unauthorized access or manipulation of the system.
8. **Testing & Deployment**: Thoroughly test the application for any bugs or issues before deploying it to a public or private network.

Suggested Features:
- Real-time monitoring of node performance and task progress.
- Detailed analytics on resource utilization and token distribution.
- User profiles showcasing contribution history and total earnings.
- Support for multiple types of AI models and inference tasks.
- Integration with popular cryptocurrency wallets for seamless token management.

The 'aicoin' package is utilized primarily for managing the decentralized network operations, including node registration, task assignment, and token rewards. It provides the necessary tools and APIs to facilitate these processes efficiently.