aicoreutils

v1.2.3 suspicious
4.0
Medium Risk

Agent-friendly CLI layer inspired by GNU Coreutils.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and has incomplete maintainer metadata, raising concerns about its legitimacy and purpose.

  • Obfuscation through base64 encoding
  • Incomplete maintainer metadata
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires internet access.
  • Shell: Shell execution is present but seems to be for local operations rather than malicious activity, however, further investigation into the commands executed is recommended.
  • Obfuscation: The usage of base64 encoding and decoding might indicate obfuscation, but it could also be for legitimate purposes such as data transmission.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The maintainer's author information is incomplete and the account seems new or inactive, raising some concerns but not strong evidence of malice.

πŸ“¦ Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present β€” 19 test file(s) found

  • Test runner config found: pyproject.toml
  • 19 test file(s) detected (e.g. test_agent_call_flow.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8539 chars)
β—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 395 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in caseSHY/AI-CLI
  • Small but multi-author team (3–4 contributors)

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • base64": output = base64.b64decode(b"".join(data.split()), validate=True) if args.decode else b
  • base64": output = base64.b64decode(compact, validate=True) if args.decode else base64.b64encode
  • dout(result) stdout = base64.b64decode(payload["result"]["stdout_base64"]).decode("utf-8").replace(
  • rncode"], 0) stdout = base64.b64decode(payload["result"]["stdout_base64"]).decode("utf-8").replace(
  • cwd=cwd, env={**__import__("os").environ, **env}, ) try: stdout, stderr = a
  • tput=True, env={**__import__("os").environ, "PYTHONPATH": "src"}, timeout=10,
⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • try: completed = subprocess.run( command, capture_output=True,
  • .open(mode) process = subprocess.Popen( command, stdout=handle,
  • try: completed = subprocess.run(command, capture_output=True, timeout=timeout, check=False,
  • rt time output = subprocess.check_output(["sysctl", "-n", "kern.boottime"], text=True) #
  • YTHONUTF8", "1") result = subprocess.run( [sys.executable, "-m", "aicoreutils", *args],
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com>

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

Repository caseSHY/AI-CLI appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with aicoreutils 
Create a command-line utility called 'FileMaven' that leverages the 'aicoreutils' package to manage and manipulate files in a user-friendly manner. FileMaven should serve as a comprehensive tool for file operations, offering advanced features beyond basic commands like copy, move, and delete. Here’s a detailed breakdown of what your project should include:

1. **Installation**: Provide a simple setup guide that allows users to install FileMaven via pip and configure it for their system.
2. **Core Commands**: Implement essential file management commands such as `copy`, `move`, `delete`, `list`, and `rename`. Each command should leverage 'aicoreutils' to ensure robust and efficient execution.
3. **Advanced Features**:
   - **Search**: Integrate a powerful search function that allows users to find files based on name, content, or metadata. Use 'aicoreutils' to enhance the search capabilities, making it faster and more accurate.
   - **Compress/Decompress**: Offer the ability to compress and decompress files into common formats like ZIP, TAR, GZ, etc., using 'aicoreutils' for seamless integration.
   - **Backup**: Develop a backup feature that automatically backs up files to a specified location, ensuring data safety.
4. **Customization**: Allow users to customize FileMaven according to their preferences. This includes setting default directories, preferred compression formats, and other settings that can be managed through a configuration file.
5. **User Interface**: Design a clean and intuitive command-line interface (CLI) that guides users through various operations smoothly.
6. **Documentation**: Create comprehensive documentation that covers installation, usage examples, and troubleshooting tips. Highlight how 'aicoreutils' contributes to the efficiency and functionality of FileMaven.
7. **Testing**: Ensure all functionalities are thoroughly tested to guarantee reliability. Include unit tests for each command and feature to validate their correctness.
8. **Security**: Pay special attention to security aspects, especially when dealing with sensitive information during file operations.

By following these guidelines, you will create a versatile and user-friendly file management utility that takes advantage of 'aicoreutils' to deliver enhanced performance and functionality.