AI Analysis
Final verdict: SUSPICIOUS
The package shows signs of legitimate functionality but has a moderate network risk and low activity, raising concerns about its reliability and potential for misuse.
- moderate network risk
- low package activity
Per-check LLM notes
- Network: The presence of network calls suggests the package may communicate with external servers, which could be for legitimate purposes like updates or API interactions, but requires further investigation to confirm intent.
- Shell: No shell execution patterns were detected.
- Metadata: Low activity and lack of additional metadata suggest potential low quality or inactivity, but insufficient evidence of malice.
Package Quality Overall: Low (2.8/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (5670 chars)
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
36 type-annotated function signatures detected in source
○ Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
path, "rb") as f: r = httpx.put( f"{https_server}/{Path(remote_path).as_posix().
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
ance(obj, str): obj = base64.b64decode(obj) if isinstance(obj, bytes): if obj[:2] == b
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: anl.gov
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 4.0
2 maintainer concern(s) found
Author "Misha Salim" appears to have only 1 package on PyPI (new or inactive account)
Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with alcf-ai
Create a mini-application named 'AI Art Recommender' using the Python package 'alcf-ai'. This application will serve as a user-friendly interface for recommending art pieces based on user preferences. The application should have the following functionalities:
1. User Registration and Login: Allow users to register and log in to their accounts.
2. Preference Setup: Users can set up their preferences regarding art styles, artists, and historical periods.
3. AI-Powered Recommendations: Utilize 'alcf-ai' to connect to an inference gateway where AI models process user preferences and recommend suitable art pieces from a database.
4. Interactive Feedback: Users can provide feedback on recommendations, helping to refine future suggestions.
5. Personalized Dashboard: Display recommended art pieces in a personalized dashboard along with brief descriptions and images.
6. Integration with External Art Databases: Fetch art piece data from external databases and integrate it into the recommendation system.
To achieve these functionalities, you will need to utilize the 'alcf-ai' package to interact with the inference gateway. Specifically, use its SDK to send user preference data to the gateway, receive recommendations from pre-trained models, and handle any responses or errors effectively. Additionally, ensure the application is well-documented and includes a setup guide for developers interested in extending or modifying the application.