allianceauth-oidc-provider

v0.0.2 suspicious
4.0
Medium Risk

Alliance Auth OIDC Provider

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to incomplete metadata and potential obfuscation techniques, though it shows no direct signs of malicious activity.

  • Incomplete author metadata and potentially inactive account
  • Use of base64 encoding, which may indicate data encryption but could also be used for obfuscation
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: Base64 decoding is commonly used for storing and retrieving encrypted keys; not necessarily malicious.
  • Credentials: No clear evidence of credential harvesting patterns detected.
  • Metadata: The author's information is incomplete and the account seems new or inactive, raising some concerns but not enough to strongly suggest malicious intent.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • 8 test file(s) detected (e.g. __init__.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5093 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 6 unique contributor(s) across 58 commits in Solar-Helix-Independent-Transport/allianceauth-oidc-provider
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • , "OIDC_RSA_PRIVATE_KEY": base64.b64decode(pkey).decode(), "OAUTH2_VALIDATOR_CLASS": "allianceauth_
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository Solar-Helix-Independent-Transport/allianceauth-oidc-provider appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with allianceauth-oidc-provider 
Build a simple Python application using the allianceauth-oidc-provider package to demonstrate its core features.