AI Analysis
The package aidoctor v0.1.1 presents a low risk profile with no significant red flags identified. The network and shell risks are minor and appear to be within expected bounds for its intended functionality.
- Network risk 3/10
- Shell risk 4/10
- No signs of obfuscation or malicious intent
Per-check LLM notes
- Network: Network calls may be part of the package's functionality, but should be reviewed to ensure they are not used for unauthorized data transfer.
- Shell: Shell execution could indicate legitimate use, such as version control operations, but poses a risk if misused for arbitrary code execution.
- Obfuscation: No obfuscation patterns detected in the code.
- Credentials: The code appears to be fetching a GitHub token from environment variables for API authentication, which is a common legitimate practice.
- Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.
Package Quality Overall: Medium (6.0/10)
Test suite present — 21 test file(s) found
Test runner config found: pyproject.toml
21 test file(s) detected (e.g. test_cli.py)
Some documentation present
Documentation URL: "Documentation" -> https://github.com/ankit-aglawe/aidoctor#readme
Detailed PyPI description (7287 chars)
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
Type checker (mypy / pyright / pytype) referenced in project
192 type-annotated function signatures detected in source
Limited contributor diversity
1 unique contributor(s) across 62 commits in ankit-aglawe/aidoctor
Single author but highly active (62 commits)
Heuristic Checks
Found 4 network call pattern(s)
- ute call: `time.sleep(...)`, `requests.get(...)`. if isinstance(func, cst.Attribute) and isinst
- 1) # sync-io-in-async-fn requests.get("http://x") # sync-io-in-async-fn (different builtin) a
- requests\nasync def f():\n requests.get('http://x')\n" assert len(_run(SyncIoInAsyncFnRule, src)
- own_client: client = httpx.Client(headers=_auth_headers(), timeout=15.0) try: url
No obfuscation patterns detected
Found 2 shell execution pattern(s)
- str: try: proc = subprocess.run( ["git", *args], cwd=cwd,
- bprocess\nasync def f():\n subprocess.run(['ls'])\n" assert len(_run(SyncIoInAsyncFnRule, src)) ==
Found 1 credential access pattern(s)
USER_AGENT, } token = os.environ.get("GITHUB_TOKEN") if token: headers["Authorization"] = f"Bearer
No typosquatting candidates detected
No author email provided
All external links appear legitimate
Repository ankit-aglawe/aidoctor appears legitimate
1 maintainer concern(s) found
Author "aidoctor maintainers" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a Python-based code quality assurance tool named 'CodeSanitizer' using the 'aidoctor' package. This tool aims to help developers improve their Python coding style and identify common errors or inefficiencies in their code. The application will serve as a command-line interface where users can input their Python code snippets or file paths to receive feedback on potential improvements and corrections.
Core Features:
1. Code Input: Allow users to either paste their Python code directly into the CLI or specify a file path to analyze.
2. Analysis Engine: Utilize the 'aidoctor' package to parse and evaluate the provided Python code. The engine should detect issues related to bad coding practices, such as unnecessary complexity, poor variable naming, or inefficient use of functions and classes.
3. Feedback Generator: Based on the analysis, generate a report detailing the identified issues, suggestions for improvement, and best practices. This report should be presented in a user-friendly format within the CLI.
4. Customization Options: Offer customization options for users to adjust the level of detail in the feedback, specify which types of issues they want to focus on, or exclude certain checks.
5. Integration Capabilities: Provide integration capabilities with popular version control systems like Git to automatically run 'CodeSanitizer' on pull requests or commits, ensuring code quality before merging.
Steps to Build the Application:
1. Set up the development environment with Python and install the 'aidoctor' package.
2. Design the CLI interface using Python's argparse module to handle user inputs and commands.
3. Implement the code parsing and analysis logic using 'aidoctor', capturing its output and preparing it for presentation.
4. Develop the feedback generation system to interpret 'aidoctor's findings and present them clearly to the user.
5. Add customization options through command-line flags or configuration files.
6. Integrate with Git by creating hooks or scripts that trigger 'CodeSanitizer' during key operations.
7. Test the application thoroughly with various code samples and edge cases to ensure reliability and accuracy.
8. Document the usage and setup process for other developers and maintainers.
9. Release the application under an open-source license, encouraging contributions and improvements from the community.