aif-normbase

v0.1.27 suspicious
5.0
Medium Risk

Agent Information Field - Norm Repository

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits suspicious behavior due to high shell risk and potential for executing arbitrary commands, despite showing no signs of obfuscation, credential harvesting, or strong indicators of malicious intent. The low author engagement and poor metadata quality also contribute to some level of concern.

  • High shell risk due to execution of external commands
  • Low author engagement and poor metadata quality
Per-check LLM notes
  • Network: The network call pattern is relatively benign, suggesting HTTP requests with timeouts which could be part of normal functionality.
  • Shell: The shell execution patterns raise concerns as they involve running external commands like 'lsof' and capturing output, which may indicate the package is performing system checks or potentially executing arbitrary commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows low author engagement and poor metadata quality, raising some concerns but not strong indicators of malicious intent.

📦 Package Quality Overall: Low (3.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (11134 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 147 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • imeout_seconds) client = httpx.AsyncClient(timeout=timeout) app.state.http_client = client ap
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • " try: result = subprocess.run( ["lsof", "-ti", f":{port}"], capt
  • "CLAUDECODE"} result = subprocess.run( cmd, input=prompt, capture_outpu
  • DECODE"} process = subprocess.Popen( cmd, stdout=subprocess.PIPE,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8000
  • Non-HTTPS external link: http://127.0.0.1:5173
Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aif-normbase 
Your task is to develop a mini-application named 'NormBase Explorer' using Python, which leverages the 'aif-normbase' package to provide a user-friendly interface for exploring and managing normative data related to agent information fields. This application will serve as a tool for researchers, developers, and data analysts who need to work with structured normative data efficiently.

The 'NormBase Explorer' application should have the following core functionalities:
1. **Data Import**: Allow users to import normative data from various sources such as CSV files or JSON formatted strings. Ensure the imported data conforms to the structure expected by the 'aif-normbase' package.
2. **Data Exploration**: Implement features to explore the imported data, including filtering, sorting, and searching capabilities based on specific fields or criteria defined within the 'aif-normbase' package.
3. **Visualization**: Integrate basic visualization tools (using libraries like matplotlib or seaborn) to display statistical summaries of the data, such as frequency distributions of certain attributes.
4. **Normalization**: Utilize the normalization functionalities provided by 'aif-normbase' to standardize the data according to predefined norms or rules. This could include handling missing values, ensuring consistency across different datasets, etc.
5. **Export**: Provide options to export the processed data back into different formats (CSV, JSON) or directly into a database.
6. **User Interface**: Develop a simple yet intuitive command-line interface (CLI) for interacting with the application. Consider adding interactive elements if you're comfortable with GUI development frameworks like PyQt or Tkinter.

In addition to these core functionalities, feel free to suggest and implement any additional features that enhance the usability or extend the functionality of 'NormBase Explorer'. Your goal is to create a versatile tool that not only showcases the capabilities of the 'aif-normbase' package but also adds value through its unique implementation and additional features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!