aiopyrus

v0.8.1 suspicious
5.0
Medium Risk

Async Python framework for Pyrus API — bots, webhooks, polling, aiogram-style

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some red flags, particularly with its metadata and network behavior, but lacks clear evidence of malicious intent.

  • missing author name
  • non-HTTPS link in metadata
  • unusual naming and comments in code
Per-check LLM notes
  • Network: Network calls are common in packages that interact with external services, but unusual naming and comments suggest potential misuse.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, suggesting low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has a missing author name and a non-HTTPS link, which raises some suspicion but not enough to conclude it's definitely malicious.

📦 Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present — 10 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 10 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/TimmekHW/aiopyrus#readme
  • Detailed PyPI description (19900 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 317 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 59 commits in TimmekHW/aiopyrus
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • , self._proxy) return httpx.AsyncClient(**kwargs) async def _get_client(self) -> httpx.AsyncCli
  • ice call. В реальности — httpx.post() к вашему API, RabbitMQ publish, gRPC и т.д. In practic
  • gRPC и т.д. In practice — httpx.post() to your API, RabbitMQ publish, gRPC, etc. """ prin
  • Real-world examples: - httpx.post("http://erp.local/api/create_ticket", json={...}) - ra
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://proxy.corp:8080
Git Repository History

Repository TimmekHW/aiopyrus appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aiopyrus 
Your task is to create a fully-functional mini-application that integrates with the Pyrus platform using the 'aiopyrus' library. This application will serve as a bridge between Pyrus tasks and an external system, allowing for automated task management and communication. Here’s a detailed breakdown of what your application should achieve:

1. **Setup**: Start by installing the 'aiopyrus' package via pip. Ensure you have a Pyrus account and create an app with the necessary permissions for webhooks and bot interactions.

2. **Authentication & Initialization**: Implement a secure method to store and retrieve your Pyrus API credentials. Use these credentials to initialize the 'aiopyrus' client within your application.

3. **Task Listener**: Create a webhook listener that uses 'aiopyrus' to monitor incoming Pyrus tasks. When a new task is created or updated, your application should log the details of the task (e.g., title, description, assigned user).

4. **Task Automation**: Develop a feature that automatically updates the status of a Pyrus task based on certain conditions. For example, if a task is overdue, the application should mark it as 'in progress' and notify the assigned user.

5. **Notifications**: Utilize 'aiopyrus' to send notifications back to Pyrus when actions are taken within your application. These could include task updates, reminders, or custom messages.

6. **User Interface**: Although not required, consider adding a simple command-line interface (CLI) that allows users to interact with the Pyrus tasks directly from the terminal. Commands could include listing tasks, updating task statuses, and sending notifications.

7. **Error Handling & Logging**: Implement robust error handling and logging mechanisms to ensure that any issues are captured and can be reviewed for debugging purposes.

8. **Testing**: Write unit tests to verify that each component of your application works as expected. Focus on testing the interaction with Pyrus, the task automation logic, and the notification system.

By following these steps, you’ll create a powerful mini-application that leverages the capabilities of 'aiopyrus' to enhance task management and communication on the Pyrus platform.