AI Analysis
Final verdict: SUSPICIOUS
The package exhibits moderate to high risks due to its use of potentially unsafe practices and low-quality metadata, raising concerns about its legitimacy and security.
- High shell risk due to use of shell=True
- Low metadata quality with a new or inactive maintainer account
Per-check LLM notes
- Network: Network calls could be legitimate if the package is designed to communicate with external services, but require further investigation to ensure no unauthorized data transfer.
- Shell: Use of shell=True in subprocess.run is risky and can lead to command injection vulnerabilities, suggesting potential for malicious activities unless justified by package functionality.
- Metadata: The maintainer has a new or inactive account and lacks PyPI classifiers, indicating low metadata quality and potential low effort.
Package Quality Overall: Low (4.0/10)
◈ Medium  Test Suite (6.0): Partial test coverage signals detected. Test runner config found: pyproject.toml
○ Low  Documentation (1.0): No documentation detected. No documentation URL, doc files, or meaningful description found
◈ Medium  Contributing Guide (7.0): Some contribution signals present. Governance file: security.py (note: a `.py` file is a source module, not a SECURITY.md-style policy, so this signal is most likely a filename match and should not be read as evidence of a security policy)
◈ Medium  Type Annotations (5.0): Partial type annotation coverage. 390 type-annotated function signatures detected in source
○ Low  Multiple Contributors (1.0): Unable to verify contributor count: no GitHub repository linked
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
try: resp = requests.post( endpoint, headers=self.defa
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
format `globals()['module'] = __import__('module')` instead of `import module`. !!! Follow the common princip
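The obfuscation hit above is the `globals()['module'] = __import__('module')` idiom. It binds a module under a name without an `import` statement, so any review or tool that only inventories `import` statements never sees it. The following is an added example written for this page, not the scanner's own implementation and not code from aidev-agent: a small AST walk over a constructed sample module that reports the three dynamic-import shapes (`__import__`, `importlib.import_module`, and assignment into `globals()[...]`) and shows what a naive import inventory misses. The sample source and the `find_dynamic_imports` / `static_import_names` names are assumptions for the illustration.

```python
import ast

# Constructed sample module for the demonstration (not the scanned package's
# source): two ordinary imports plus the dynamic-import shapes the heuristic
# is looking for.
SAMPLE_SOURCE = """\
import json
import importlib

def load():
    globals()['module'] = __import__('module')
    mod = __import__("os")
    return importlib.import_module("zlib")
"""


def _is_globals_call(node: ast.AST) -> bool:
    """True for a bare `globals()` call expression."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Name)
            and node.func.id == "globals")


def find_dynamic_imports(source: str) -> list[tuple[int, str]]:
    """Return (line, kind) for every construct that imports a module without
    an `import` statement, sorted by line then kind."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name) and node.func.id == "__import__":
                findings.append((node.lineno, "__import__"))
            elif (isinstance(node.func, ast.Attribute)
                  and node.func.attr == "import_module"):
                findings.append((node.lineno, "import_module"))
        elif isinstance(node, ast.Assign):
            # globals()['name'] = ... writes a binding into module scope that
            # no `import` statement declares.
            for target in node.targets:
                if isinstance(target, ast.Subscript) and _is_globals_call(target.value):
                    findings.append((node.lineno, "globals_subscript_assign"))
    return sorted(findings)


def static_import_names(source: str) -> set[str]:
    """What an import-statement-only inventory sees: the dynamic ones are absent."""
    names: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            names.add(node.module or "")
    return names


if __name__ == "__main__":
    print("declared imports :", sorted(static_import_names(SAMPLE_SOURCE)))
    for lineno, kind in find_dynamic_imports(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}")
```

Running it shows `os`, `zlib` and `module` missing from the declared-import set while the AST walk reports all four dynamic sites, which is exactly why the scanner scores this idiom as obfuscation rather than as a style nit.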
Shell / Subprocess Execution
score 6.0
Found 3 shell execution pattern(s)
try: proc = subprocess.run( # noqa: S603 cmd, capture_
try: proc = subprocess.run( # noqa: S602 command, shel
command, shell=True, capture_output=True, text=
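The S602 hit (`subprocess.run(command, shell=True, ...)`) is only a vulnerability if `command` is assembled from data the caller controls; the `# noqa` comments show the author suppressed the lint rather than removing the shell. The block below is an added example for this page, not code from aidev-agent: it runs a constructed tainted value through the flagged pattern, through the argv-list form that the S603 hit already uses, and through `shlex.quote` for the case where a shell really is needed. It assumes a POSIX `/bin/sh` and an `echo` on PATH.

```python
import shlex
import subprocess

# Constructed input, not taken from the package: a caller-supplied value that
# carries a shell metacharacter followed by a second command.
TAINTED_ARG = "report.txt; echo INJECTED"


def run_unsafe(user_value: str) -> str:
    """The pattern the scanner flags (S602): a command string built from
    caller data and handed to /bin/sh via shell=True. The shell splits on
    ';', so the injected command runs as well."""
    command = f"echo {user_value}"
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_safe(user_value: str) -> str:
    """Hardened form (the S603 shape): an argv list and no shell. The whole
    value is a single argument and ';' is just a character inside it."""
    proc = subprocess.run(["echo", user_value], capture_output=True, text=True)
    return proc.stdout


def run_quoted(user_value: str) -> str:
    """If shell=True is unavoidable (pipes, globbing), quote every untrusted
    piece with shlex.quote so the shell treats it as one literal word."""
    command = f"echo {shlex.quote(user_value)}"
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    print("unsafe :", repr(run_unsafe(TAINTED_ARG)))   # two lines: the payload ran
    print("safe   :", repr(run_safe(TAINTED_ARG)))     # one line, literal text
    print("quoted :", repr(run_quoted(TAINTED_ARG)))   # one line, literal text
```

When triaging this package, the question to answer is where `command` comes from in the S602 call site: a constant or a list the package builds itself is justified functionality, while anything derived from agent input, tool output or configuration is the injection path the LLM note warns about.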
Credential Harvesting
score 7.5
Found 3 credential access pattern(s)
...provides security**: - Absolute paths (such as `/etc/passwd`) bypass `root_dir` entirely - Relative paths containing `..` can escape `root_dir`
**: - Absolute paths (such as `/etc/passwd`) bypass `root_dir` entirely - Relative paths containing `..` can escape `root_d
>>> validate_path("../etc/passwd") # raises PathValidationError >>> validate_path(r"C:\
Caveat: all three hits match on `etc/passwd` inside a docstring (originally in Chinese) and its doctest for the package's own `validate_path`, which documents the traversal cases that validator rejects; none of the matched text reads a credential file. Treat the 7.5 score as a likely false positive until the code around `validate_path` has been read.
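The matched docstring names the two ways a caller-supplied path leaves a `root_dir` confinement: an absolute path (POSIX or Windows drive form) that a naive join would simply return, and a relative path whose `..` components climb above the root. The block below is an added example written for this page to show what such a check has to do; it is not aidev-agent's `validate_path`, whose implementation is not on this page. The default `root_dir`, the `is_safe_path` helper and the error message text are assumptions. The check is purely lexical; if the directory tree exists, resolve symlinks with `os.path.realpath` before the prefix test as well.

```python
import ntpath
import posixpath


class PathValidationError(ValueError):
    """Raised when a caller-supplied path would leave root_dir."""


def validate_path(user_path: str, root_dir: str = "/srv/app/data") -> str:
    """Confine user_path to root_dir and return the normalised absolute path.

    Rejects the two escapes the docstring describes:
      - absolute paths (POSIX `/etc/passwd` or Windows `C:\\...`), which would
        ignore root_dir entirely if naively joined;
      - relative paths whose `..` components climb above root_dir.
    A `..` that stays inside root_dir (a/../b) is allowed.
    """
    if not user_path:
        raise PathValidationError("empty path")
    # Check both path flavours regardless of host OS: a drive prefix or a
    # leading separator of either kind is an absolute path.
    if (posixpath.isabs(user_path) or ntpath.isabs(user_path)
            or ntpath.splitdrive(user_path)[0]):
        raise PathValidationError(f"absolute path not allowed: {user_path!r}")
    # Treat backslashes as separators too so `..\\..\\x` cannot slip past a
    # POSIX-only normalisation.
    candidate = user_path.replace("\\", "/")
    root = posixpath.normpath(root_dir)
    joined = posixpath.normpath(posixpath.join(root, candidate))
    # Prefix test with a trailing separator so "/srv/app/data2" is not
    # mistaken for a child of "/srv/app/data".
    if joined != root and not joined.startswith(root + "/"):
        raise PathValidationError(f"path escapes {root!r}: {user_path!r}")
    return joined


def is_safe_path(user_path: str, root_dir: str = "/srv/app/data") -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_path(user_path, root_dir)
    except PathValidationError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: the docstring's two examples plus benign cases.
    for p in ["../etc/passwd", r"C:\Windows\system.ini", "/etc/passwd",
              "reports/../2024/summary.txt", "reports/2024/summary.txt"]:
        print(f"{p!r:35} -> {'ok' if is_safe_path(p) else 'rejected'}")
```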
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 4.0
2 maintainer concern(s) found
Author "blueking" appears to have only 1 package on PyPI (new or inactive account)
Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with aidev-agent
Create a mini-application named 'AgentAssistant' using the Python package 'aidev-agent'. This application will serve as a personal assistant that can perform various tasks such as scheduling meetings, sending emails, and fetching weather updates based on voice commands. The application should be designed to interact with users through a simple text-based interface initially, but you can expand it to include voice recognition in a later phase.

**Features:**
1. **Voice Command Recognition**: Allow users to give voice commands to schedule meetings, send emails, and get weather updates.
2. **Scheduling Meetings**: Users should be able to command the assistant to schedule meetings with specific contacts at specified times.
3. **Sending Emails**: The assistant should be able to draft and send emails to specified recipients based on user commands.
4. **Weather Updates**: Fetch and provide current weather conditions and forecasts for specified locations.
5. **Task Management**: Add functionality to create, update, and delete tasks from a task list.
6. **User Authentication**: Implement basic user authentication to ensure data privacy.
7. **Integration with External APIs**: Integrate with external APIs for weather updates and email services.

**Utilization of 'aidev-agent':**
- Use the 'aidev-agent' package to build the core functionalities of the assistant, particularly focusing on its capabilities in voice command processing and task management. The package will handle the initial parsing of commands and interaction flow, allowing you to focus more on implementing the specific actions like scheduling and emailing.
- For voice command recognition, leverage the 'aidev-agent' documentation to understand how to integrate speech-to-text functionalities.
- For task management, use the package's built-in task handling features to manage the creation, updating, and deletion of tasks.
- Ensure to document each step of integration and customization of 'aidev-agent' within your project for future reference and scalability.