ain-state-compiler

v0.4.0 suspicious
7.0
High Risk

The G-Brain Company Brain Primitive: continuously compiles Slack, Jira, and Gmail into an executable, conflict-resolved operational state for AI agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant potential risks related to shell execution and credential handling, indicating possible misuse. Additionally, metadata inconsistencies raise concerns about the package's legitimacy.

  • High shell risk due to external command execution
  • Potential credential harvesting activities
  • Inconsistent metadata and short maintainer history
Per-check LLM notes
  • Network: Network calls include fetching URLs and making HTTP requests, which may be legitimate but warrant further investigation to ensure they are not used for unauthorized data transfer.
  • Shell: Shell executions involve running external commands and installing software, which could indicate potential risks such as downloading and executing malicious code or installing unwanted software.
  • Obfuscation: No obfuscation patterns detected in the provided code snippets.
  • Credentials: The code snippet prompts interactively for credentials, which could serve to store secrets securely but also poses a risk if the values are not handled properly.
  • Metadata: The package has several red flags including a non-existent git repository, a very short maintainer history, and an author with limited information.

📦 Package Quality Overall: Low (3.2/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/sambitmishra98/ain-state-compiler#readme
  • Detailed PyPI description (9295 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 31 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • try: urllib.request.urlretrieve(installer_url, installer_path) _
  • ) if body else None req = urllib.request.Request( url, data=data, method=meth
  • , ) try: with urllib.request.urlopen(req, timeout=30) as resp: return json.lo
  • url = f"{url}?{qs}" req = urllib.request.Request( url, headers={"Authorization": f"Be
  • e}).encode("utf-8") req = urllib.request.Request( ollama_url, data=payload, h
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • on PATH.""" try: subprocess.run( [cmd, "--version"], stdout=subproce
  • s admin)...") subprocess.run( [installer_path, "/S"],
  • try: subprocess.run( "curl -fsSL https://ollama.com/install.
  • try: subprocess.run(["brew", "install", "ollama"], check=True) _
  • inutes)...") try: subprocess.run(["ollama", "pull", model], check=True) _print(f"[+]
  • try: result = subprocess.run( ["powershell", "-ExecutionPolicy", "Bypass"
Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • b-...)", secret=True, default=os.environ.get("SLACK_BOT_TOKEN", "")) # ---- Jira ---- _print("\n[2/5] J
  • if secret: val = getpass.getpass(full_label) else: val = input(full_label
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: ain-compiler.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)
Maintainer History score 6.0

3 maintainer concern(s) found

  • Package is very new: uploaded 2 day(s) ago
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ain-state-compiler
Create a mini-app called 'OperationalSync' that integrates with Slack, Jira, and Gmail to provide a unified operational state for AI agents to execute tasks. The app should compile real-time data from these platforms, resolve any conflicts, and present a clean, actionable state for AI-driven workflows.

Step 1: Set up the project structure and install necessary packages including 'ain-state-compiler'.
Step 2: Develop APIs for connecting to Slack, Jira, and Gmail using their respective SDKs or APIs.
Step 3: Implement a state compiler using 'ain-state-compiler' to continuously fetch, process, and integrate data from all three platforms.
Step 4: Design a conflict resolution mechanism within the compiler to handle discrepancies between data sources.
Step 5: Create a user-friendly interface (web or CLI) where users can view the compiled state and initiate actions based on it.
Step 6: Integrate AI capabilities to suggest optimized workflows based on the compiled state.

Suggested Features:
- Real-time updates from Slack, Jira, and Gmail.
- Conflict detection and resolution logs.
- User-defined rules for workflow optimization.
- Actionable insights and task recommendations for users.
- Customizable views for different roles (e.g., managers, developers).

Utilize 'ain-state-compiler' to streamline the integration process and ensure the compiled state is accurate and consistent across all platforms.