allowance

v0.1.6 suspicious
5.0
Medium Risk

Allowance agent purchase wallet CLI

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package allowance v0.1.6 exhibits a high credential risk due to its use of keyring.get_password, which may indicate potential credential harvesting. Additionally, the missing repository and the maintainer's single package listing raise concerns about its legitimacy.

  • High credential risk
  • Missing repository
  • Single package by maintainer
Per-check LLM notes
  • Network: The presence of network calls could be legitimate if the package is designed to fetch external resources or data.
  • Shell: No shell execution patterns were detected, indicating no immediate risk from this aspect.
  • Obfuscation: No obfuscation patterns detected in the code.
  • Credentials: The usage of keyring.get_password suggests potential credential harvesting activities.
  • Metadata: The repository is not found and the maintainer has only one package, which raises suspicion but does not conclusively indicate malice.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • Test runner config found: pyproject.toml
  • 4 test file(s) detected (e.g. test_checkout_commands.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4235 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 138 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • try: with httpx.Client(timeout=self.timeout) as client: response =
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • token) stored_token = keyring.get_password(SERVICE_NAME, account_name) except Exception as exc:
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Allowance" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with allowance 
Create a fully-functional mini-application called 'Allowance Manager' using the Python package 'allowance'. This application will serve as a digital tool for managing allowances or budgets, particularly useful for families or individuals looking to track financial allocations effectively. The app should allow users to set up different categories of allowance (e.g., entertainment, groceries, education), monitor their spending, and receive notifications when they are approaching their budget limits. Additionally, the application should provide insights into spending habits over time through graphical representations.

Steps to develop the application:
1. Initialize the project structure and install necessary dependencies, including the 'allowance' package.
2. Design a user-friendly command-line interface (CLI) where users can interact with the application.
3. Implement functionalities to add, edit, and delete allowance categories.
4. Develop a feature that allows users to record expenditures under specific categories.
5. Integrate a system that sends alerts to users when they are nearing or have exceeded their allowance limits.
6. Incorporate data visualization tools to display spending trends over time.
7. Ensure the application securely stores user data.

Suggested Features:
- Monthly and yearly allowance planning.
- Integration with external financial platforms for automatic expenditure tracking.
- Customizable notification settings.
- Detailed reports and analytics on spending patterns.

How 'allowance' Package is Utilized:
- Use 'allowance' to manage the core functionalities related to setting up wallets and purchasing agents, which in this context translates to managing allowances and tracking expenditures. The package's CLI capabilities will be essential in building the user interaction layer of the application.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!