alkham

v0.2.0 suspicious
6.0
Medium Risk

Frictionless, one-command capture of AI coding-CLI sessions (Claude Code + Aider) as readable Markdown notes. Library-first.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a credential risk due to suspicious file path manipulation, which may indicate an attempt to access sensitive files. Additionally, the metadata risk score is elevated due to the lack of repository activity and the maintainer's limited presence on PyPI.

  • Suspicious file path manipulation
  • Repository and maintainer have low activity
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package's functionality requires external communications.
  • Shell: No shell executions detected, indicating the package does not attempt to execute commands on the system.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: Suspicious file path manipulation may indicate an attempt to access sensitive files.
  • Metadata: The repository is new with no activity metrics, and the maintainer has only one package on PyPI, raising suspicion but not conclusive evidence of malintent.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 14 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 14 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • Detailed PyPI description (6120 chars)
  • Classifier: Documentation
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 132 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 23 commits in AliAA1444/alkham
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • "/Users/ali/../../../../../../etc/passwd", "/a/b/..", ], ) def test_routing_hostile_cwd_
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 3 day(s) ago (2026-06-03T22:39:17Z)

  • Repository created very recently: 3 day(s) ago (2026-06-03T22:39:17Z)
  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Ali" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alkham 
Develop a Python-based mini-application named 'CodeCapturePro' that leverages the 'alkham' library to facilitate the seamless documentation of AI-driven coding sessions. This application should enable users to effortlessly record their interactions with AI assistants like Claude and Aider, converting these sessions into well-formatted Markdown files for easy reference and collaboration.

Step 1: Set up your development environment with Python installed, along with the necessary dependencies including the 'alkham' package.

Step 2: Design a user-friendly CLI interface where users can initiate a new session by specifying the AI assistant they're working with (e.g., Claude or Aider).

Step 3: Implement functionality within the application to capture all text inputs and outputs from the AI assistant during the coding session. Ensure that the captured data includes timestamps for each interaction to provide context.

Step 4: Use the 'alkham' package to automatically format the captured session data into a structured Markdown file, which can then be saved locally or shared via cloud storage services like Google Drive or Dropbox.

Suggested Features:
- Session management: Allow users to start, pause, and resume sessions as needed.
- Customizable output directory: Provide options for users to specify where the Markdown files should be saved.
- Integration with version control systems: Automatically commit changes to a Git repository whenever a new session is completed.
- Notification system: Notify users when a session has been successfully saved or if there were any errors during the process.

Ensure that the application is well-documented and includes examples on how to use it effectively. Additionally, consider adding a feature that allows users to review and edit the generated Markdown files before finalizing them.