aleph-sdk-python

v2.3.4 suspicious
6.0
Medium Risk

Lightweight Python Client library for the Aleph.im network

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk profile due to the high shell risk and medium network and obfuscation risks. While it does not seem to pose immediate danger, the presence of shell commands and lack of detailed author information warrant caution.

  • High shell risk
  • Medium network and obfuscation risks
  • Lack of detailed author information

Per-check LLM notes

  • Network: Network calls are common in SDKs and suggest legitimate API interactions.
  • Shell: Executing shell commands can be risky; this pattern may indicate potential for local system manipulation or exploitation.
  • Obfuscation: The use of base64 encoding for data may indicate obfuscation but could also be a legitimate need to encode binary data as strings.
  • Credentials: No credentials or secrets were harvested; the code does not appear to pose a risk for credential theft.
  • Metadata: The maintainer has a new or inactive account and lacks detailed author information, which may indicate a lower level of trustworthiness.

📦 Package Quality Overall: Medium (6.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://aleph.im/
  • Detailed PyPI description (3270 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 360 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 15 unique contributor(s) across 100 commits in aleph-im/aleph-sdk-python
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • se None session = aiohttp.ClientSession(connector=connector) async with session.get(f"{host
  • p_session = ( aiohttp.ClientSession( base_url=self.api_server,
  • .timeout else aiohttp.ClientSession( base_url=self.api_server,
  • """ async with aiohttp.ClientSession() as session: async with session.get(
  • self.session = session or aiohttp.ClientSession() def _generate_pubkey_payload(self, chain: Chain = Cha
  • n requests async with aiohttp.ClientSession() as session: async with session.get(settings.CR

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • bytes]: launch_measure = base64.b64decode(sev_data.launch_measure) vm_measure = launch_measure[0:3

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • {path}.squashfs") os.system(f"mksquashfs {path} {archive_path} -noappend") a

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: aleph.im

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository aleph-im/aleph-sdk-python appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aleph-sdk-python
Create a simple file-sharing application using the Aleph.im network. Your application should allow users to upload files (text files, images, etc.) to the Aleph.im network and provide a unique identifier for each uploaded file which can be used to retrieve it later. Additionally, implement a feature that allows users to search for files based on metadata such as file type or creation date. Here are the steps and features you should include:

1. **Setup**: Install the `aleph-sdk-python` package and set up your environment.
2. **User Interface**: Develop a basic command-line interface (CLI) for uploading, downloading, and searching files.
3. **File Upload**: Implement functionality to upload files to the Aleph.im network using the SDK. Ensure that each file has a unique identifier.
4. **File Download**: Add the ability to download files from the network using their unique identifiers.
5. **Metadata Management**: Allow users to add metadata (e.g., title, description, file type) when uploading files. Use this metadata for searching.
6. **Search Functionality**: Implement a search feature that allows users to find files based on their metadata.
7. **Security**: Consider implementing basic security measures, like encrypting file content before uploading.
8. **Testing**: Write tests to ensure all functionalities work as expected.
9. **Documentation**: Provide clear documentation for both users and developers on how to use the application and integrate it into other projects.

The goal is to create a functional, user-friendly tool that showcases the capabilities of the Aleph.im network through its Python SDK.
