akari-cli

v0.1.8 suspicious
6.0
Medium Risk

Akari Watanabe AI Assistant - Voice-first CLI & Web Assistant

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant network and shell execution risks, suggesting potential for malicious activity. However, there is no clear evidence of credential harvesting or severe obfuscation.

  • High network risk
  • High shell execution risk

Per-check LLM notes
  • Network: Detected network calls to external services may indicate data exfiltration or C2 communications.
  • Shell: Use of shell execution commands can potentially lead to arbitrary code execution and is a common vector for malicious activities.
  • Obfuscation: The obfuscation pattern is likely used to execute a command via osascript, which might be an attempt to hide the command's purpose but doesn't inherently suggest malicious intent.
  • Credentials: No patterns indicative of credential harvesting were detected.
  • Metadata: The author's information is incomplete and the maintainer seems new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • 4 test file(s) detected (e.g. test_browser_integration.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8912 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 161 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ectivity.""" try: socket.create_connection(("1.1.1.1", 53), timeout=3) return True except O
  • renheit" with urllib.request.urlopen(url, timeout=3) as resp: d = _js
  • try: async with httpx.AsyncClient(timeout=15.0) as http: response = await http
  • e try: async with httpx.AsyncClient(timeout=5.0) as http: resp = await http.get("htt
  • try: async with httpx.AsyncClient(timeout=15.0) as http: response = await http.pos
  • } try: async with httpx.AsyncClient(timeout=10.0) as client: resp = await client.pos

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • proc = __import__("subprocess").run( ["osascript", "-e", ''' se

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • player.Close()\"" subprocess.run(cmd, shell=True, stdout=subprocess.DEVNULL, stderr=subproces
  • h} && claude -p"' subprocess.Popen(cmd, shell=True) if sys.platform == "win32" else subprocess.
  • sys.platform == "win32" else subprocess.run(["osascript", "-e", cmd]) return f"Started task
  • \\"{target}\\""' subprocess.Popen(cmd, shell=True) if sys.platform == "win32" else subprocess.
  • sys.platform == "win32" else subprocess.run(["osascript", "-e", cmd]) return f"Started GOD M
  • port subprocess result = subprocess.run( [sys.executable, str(hello_path)], capture_

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with akari-cli
Create a voice-controlled personal assistant app using the 'akari-cli' package. This application will allow users to interact with their computer through voice commands, making it easier to perform various tasks without needing to use a keyboard or mouse. Here are the steps and features to implement:

1. **Setup and Installation**: Begin by installing the 'akari-cli' package and setting up your development environment.
2. **Voice Recognition Integration**: Utilize 'akari-cli' to integrate voice recognition capabilities into your app. Users should be able to give commands such as 'open browser', 'play music', or 'set a reminder'.
3. **Task Execution**: When a voice command is recognized, the app should execute the corresponding task. For example, if the user says 'open browser', the default web browser should open.
4. **Web Interface**: Develop a simple web interface where users can see a history of commands given and actions taken. This will also allow users to manually input commands if they prefer not to use voice control.
5. **Custom Commands**: Allow users to add custom voice commands and associated actions. For instance, a user could create a command like 'start workday' which would automatically start their work playlist and open their calendar.
6. **Notification System**: Implement a system where the app can send notifications based on voice commands. For example, if a user asks to set a reminder, the app should notify them at the specified time.
7. **Security Features**: Ensure that the app includes basic security measures, such as requiring a password to activate voice commands or allowing users to specify certain commands that require authentication.
8. **Testing and Documentation**: Finally, thoroughly test the app to ensure all features work correctly. Provide clear documentation on how to install, configure, and use the app.

The 'akari-cli' package is utilized throughout the project to handle voice recognition and interaction. It serves as the backbone of the app's ability to understand and respond to voice commands.
