ainativelang

v1.8.1 suspicious
7.0
High Risk

AINL compiler, runtime, validator, and tooling

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple indicators of potential risk including obfuscated code, execution of shell commands, and access to sensitive environment variables. While these actions alone do not confirm malicious behavior, the combination raises concerns about its legitimacy and potential for abuse.

  • High obfuscation risk
  • Access to sensitive environment variables
  • Execution of shell commands

Per-check LLM notes

  • Network: The network calls seem to be related to making POST requests and fetching embeddings, which could be part of the package's functionality but should be verified against official documentation.
  • Shell: Executing shell commands like 'docker' and 'curl' can indicate potential risks if not properly documented and controlled, suggesting possible unauthorized system interactions.
  • Obfuscation: The presence of base64 decoding suggests an attempt to obscure code logic or data, which may indicate malicious intent but could also be used for legitimate purposes like data encryption.
  • Credentials: Accessing environment variables that typically contain tokens (like GITHUB_TOKEN, GH_TOKEN) and using them without clear justification raises suspicion of potential credential harvesting activities.

📦 Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_agent_setup.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/sbhooley/ainativelang
  • Detailed PyPI description (122000 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 425 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 6 unique contributor(s) across 100 commits in sbhooley/ainativelang
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • _base_url}/mcp" req = urllib.request.Request(url, data=body, method="POST") req.add_heade
  • try: with urllib.request.urlopen(req, timeout=self._timeout_s) as resp:
  • ]}).encode("utf-8") req = urllib.request.Request( f"{base}/embeddings", data=payload,
  • , ) try: with urllib.request.urlopen(req, timeout=60) as resp: raw = resp.rea
  • est?ids%5B%5D={fh}" req = urllib.request.Request(url, headers={"Accept": "application/json"}, method=
  • ="GET") try: with urllib.request.urlopen(req, timeout=30) as resp: body = resp.re

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • : file_data = base64.b64decode(content) else: file_data = conte
  • try: raw = base64.b64decode(str(args[1])) except Exception as e: rai
  • lf._embed(text) now = __import__("time").time() blob = json.dumps(vec, separators=(",", ":")

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: out = subprocess.check_output(['docker', 'images', '-q', image], text=True, timeout=5)
  • try: out = subprocess.check_output(['curl', '-s', '-o', '/dev/null', '-w', '%{http_code}', url]
  • try: proc = subprocess.run( [self._fallback_cmd], input
  • LAW_BIN] + cmd[1:] return subprocess.run(full_cmd, **kwargs) class EmailAdapter(RuntimeAdapter):
  • code = subprocess.check_output(cmd, text=True, timeout=3).strip()
  • try: out = subprocess.check_output(['lsof', '-i', f':{port}', '-sTCP:LISTEN'], text=True)

Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • uests.Session() tok = os.getenv("GITHUB_TOKEN") or os.getenv("GH_TOKEN") if tok: self
  • self.cache_namespace = os.getenv("TOKEN_TRACKER_CACHE_NS", "workflow") self.cache_key = os.
  • ow") self.cache_key = os.getenv("TOKEN_TRACKER_CACHE_KEY", "main_session_tokens") self.def
  • .default_window_minutes = int(os.getenv("TOKEN_TRACKER_WINDOW_MINUTES", "60")) self.cache_ttl_seco
  • self.cache_ttl_seconds = int(os.getenv("TOKEN_TRACKER_CACHE_TTL", "300")) def run(self, method: str,

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8766/
  • Non-HTTPS external link: http://127.0.0.1:8000

Git Repository History

Repository sbhooley/ainativelang appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Steven Hooley" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ainativelang
Create a simple interactive story-telling application using the 'ainativelang' package. This application will allow users to input their own narrative elements such as characters, settings, and plot points, which will then be compiled and executed within the application to generate a personalized story. Here are the steps and features your project should include:

1. **Setup Project Environment**: Ensure you have Python installed and install the 'ainativelang' package.
2. **User Interface Design**: Develop a basic GUI where users can input details about their story, including the title, main character(s), setting, and key events.
3. **Story Composition**: Allow users to define different parts of their story through a series of prompts. For example, they might describe the protagonist, set the scene, outline conflicts, and define resolutions.
4. **AINL Script Generation**: Use 'ainativelang' to compile user inputs into a structured script format. This involves leveraging the package's compiler and runtime capabilities to ensure the story flows logically and adheres to a predefined structure.
5. **Interactive Story Playback**: Implement a feature where the story can be played back interactively, allowing readers to experience the narrative as if it were a choose-your-own-adventure book. Utilize 'ainativelang' for dynamic content generation based on user choices during playback.
6. **Validation and Error Handling**: Incorporate 'ainativelang' validation tools to check the coherence and integrity of the story before playback. Provide feedback to users if there are any issues with their input.
7. **Save and Load Stories**: Enable users to save their stories to disk and load them later for editing or replaying. This functionality should also use 'ainativelang' to serialize and deserialize the story data.
8. **Enhancements**: Consider adding additional features such as character customization options, multiple storylines, or even integrating AI-generated content to enhance the storytelling experience.

This project not only showcases the power of 'ainativelang' in managing complex narrative structures but also provides a fun and engaging way for users to explore creative writing.
