aiotrade-sdk

v0.32.0 safe
4.0
Medium Risk

High-performance async trading API client for Python supporting BingX and Bybit exchanges with intelligent session and cache management

🤖 AI Analysis

Final verdict: SAFE

The package appears to be legitimate with low risks across all categories except for obfuscation, which is moderately high but not necessarily malicious.

  • moderate obfuscation risk
  • low network, shell, and credential risks
Per-check LLM notes
  • Network: The network call patterns indicate legitimate HTTP(S) requests likely for API interaction or data fetching, typical for an SDK.
  • Shell: No shell execution patterns detected.
  • Obfuscation: The code snippet suggests potential obfuscation through base64 decoding and decryption, which could be used for hiding sensitive operations but may also be legitimate for secure data handling.
  • Credentials: No clear patterns indicative of credential harvesting were found.

📦 Package Quality Overall: Medium (5.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/vispar-tech/aiotrade#readme
  • Detailed PyPI description (12796 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 174 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in vispar-tech/aiotrade
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • ) self._session = aiohttp.ClientSession( connector=connector, header
  • ) cls._session = aiohttp.ClientSession( connector=connector, headers={
  • : self._session = aiohttp.ClientSession() return self async def __aexit__( self
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • strip()) ciphertext = base64.b64decode(encrypted_b64) try: decrypted = priv_key
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: mail.ru

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository vispar-tech/aiotrade appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Daniil Pavlovich" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aiotrade-sdk 
Create a fully-functional mini-trading app that utilizes the 'aiotrade-sdk' package to interact with both BingX and Bybit exchanges. This app will allow users to monitor their trading accounts, execute trades, and manage orders asynchronously. The application should have the following core functionalities:

1. User Authentication: Implement a secure login system where users can authenticate themselves using their API keys from BingX and Bybit.
2. Account Overview: Display the user's account balance, open orders, and recent trades in real-time.
3. Trade Execution: Allow users to place market and limit orders, and cancel existing orders.
4. Historical Data: Fetch historical price data for specific symbols and visualize it using a simple chart.
5. Intelligent Session Management: Utilize 'aiotrade-sdk's intelligent session management feature to handle connection issues gracefully and ensure reliable data fetching.
6. Cache Management: Use the cache management capabilities of 'aiotrade-sdk' to store and retrieve frequently accessed data locally, improving performance and reducing load on the exchanges.
7. Asynchronous Operations: Ensure all network requests are handled asynchronously to prevent blocking the main thread and improve responsiveness.

The application should be built as a command-line interface (CLI) tool, providing a clean and intuitive experience for traders. Additionally, consider adding advanced features such as automated trading strategies based on predefined rules or indicators.