aion-core

v0.8.3 suspicious
4.0
Medium Risk

AION Core runtime security layer for AI agent tool-call control, receipts, scanning, and approvals.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risk for obfuscation and credential handling, but moderate metadata risk because the maintainer account appears new or inactive and the repository lacks community engagement.

  • Low obfuscation risk
  • Low credential risk
  • Moderate metadata risk

Per-check LLM notes
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 16 test file(s) found

  • 16 test file(s) detected (e.g. crewai_real_test.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/Sourabh1845/aion-core/tree/main/docs
  • Detailed PyPI description (6772 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 111 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 22 commits in Sourabh1845/aion-core
  • Single author but highly active (22 commits)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • tra_args] completed = subprocess.run(command, text=True, capture_output=True, check=False)
  • _path), ] completed = subprocess.run(command, input=json.dumps(request) + "\n", text=True, captur
  • _path), ] completed = subprocess.run( command, input=json.dumps(request) + "\n",
  • er_path), ] process = subprocess.run( command, input=json.dumps(case["request"])
  • Config) -> int: process = subprocess.Popen( config.upstream_command, stdin=subprocess.P

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Sourabh Ranjan Sahoo" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aion-core

Develop a secure AI agent management system using the Python package 'aion-core'. This mini-application will serve as a sandbox environment for experimenting with AI agents under controlled conditions. The system should include the following features:

1. **Agent Registration**: Users can register new AI agents with unique identifiers. Each agent must provide a description of its capabilities and intended use.
2. **Tool-Call Control**: Implement a feature where registered agents can request access to specific tools (e.g., web scraping, data analysis libraries). The system should use 'aion-core' to manage these requests, ensuring that only approved and scanned tools are accessible to the agents.
3. **Audit Logs**: Maintain a log of all tool calls made by each agent. These logs should include timestamps, the tool called, and the outcome of the call.
4. **Security Receipts**: After a tool call, generate a security receipt that confirms the agent's compliance with security policies. This receipt should be stored alongside the audit log.
5. **Approval Workflow**: Introduce an approval process for new tool requests from agents. Agents must submit their requests, which then go through a manual review process before being approved or denied.
6. **Scanning and Analysis**: Use 'aion-core' to scan incoming tool requests for any potential security risks. If a risk is detected, the request should be flagged and not proceed without further review.

The application should be designed to demonstrate the full functionality of 'aion-core', including its ability to control AI agent tool-calls, manage receipts, conduct scans, and handle approvals. Additionally, ensure that the system is user-friendly and provides clear feedback at every step of the process.
