alpha-strike

v0.7.1 suspicious
6.0
Medium Risk

Self-hosted webhook bridge from TradingView alerts to moomoo / OANDA brokers, with Cloudflare Tunnel + WAF reference architecture.

๐Ÿค– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a high network risk due to its external communication capabilities, while other risks such as shell execution, obfuscation, and credential handling are minimal. The metadata risk suggests a lack of community engagement and minimal maintainer information, raising concerns about the package's origin and intentions.

  • High network risk
  • Minimal community engagement
Per-check LLM notes
  • Network: The package makes network calls to an external host which could be used for unexpected communication or data exfiltration.
  • Shell: No shell execution patterns detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of secrets and credentials.
  • Metadata: The repository has low engagement and the maintainer's profile is minimal, raising some suspicion but not conclusive evidence of malice.

๐Ÿ“ฆ Package Quality Overall: Medium (6.2/10)

โœฆ High Test Suite 9.0

Test suite present โ€” 19 test file(s) found

  • Test runner config found: conftest.py
  • 19 test file(s) detected (e.g. conftest.py)
โ—ˆ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://alforgelabs.com/ja/docs/guides/alpha-strike-setup/
  • Detailed PyPI description (7748 chars)
โ—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
โ—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 80 type-annotated function signatures detected in source
โ—ˆ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in alforge-labs/alpha-strike
  • Two distinct contributors found

๐Ÿ”ฌ Heuristic Checks

โš  Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • try: with socket.create_connection((moomoo_host, moomoo_port), timeout=3): pass
  • ้šœๅฎณใซๅฏพใ—ใฆๆœ€ๅคง3ๅ›žใƒชใƒˆใƒฉใ‚คใ™ใ‚‹ใ€‚""" with socket.create_connection((host, port), timeout=3): pass # ๆŽฅ็ถš็ขบ่ชใฎใฟใ€‚ใ‚ณใƒณใƒ†ใ‚ญใ‚นใƒˆ็ต‚ไบ†ๆ™‚ใซ่‡ช
  • ty"] = priority req = urllib.request.Request( url, data=message.encode("utf-8"), head
  • ) _open = opener or urllib.request.urlopen try: with _open(req, timeout=tim
  • ๆœ€ๅคง3ๅ›žใƒชใƒˆใƒฉใ‚คใ™ใ‚‹ใ€‚""" response = requests.post(url, json=body, headers=headers, timeout=10) response.ra
โœ“ Code Obfuscation

No obfuscation patterns detected

โœ“ Shell / Subprocess Execution

No shell execution patterns detected

โœ“ Credential Harvesting

No credential harvesting patterns detected

โœ“ Typosquatting

No typosquatting candidates detected

โœ“ Registered Email Domain

Email domain looks legitimate: sakae.org>

โœ“ Suspicious Page Links

All external links appear legitimate

โš  Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
โš  Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
โœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

๐Ÿ’ก AI App Starter Prompt

Use this prompt to build a project with alpha-strike 
Your task is to develop a financial trading assistant app that integrates TradingView alert signals with your preferred brokerage platform (either moomoo or OANDA). This app will leverage the 'alpha-strike' Python package to set up a self-hosted webhook bridge, utilizing Cloudflare Tunnel and WAF for secure communication. Hereโ€™s a detailed breakdown of what your app should accomplish:

1. **Setup**: Begin by installing the necessary dependencies including the 'alpha-strike' package. Ensure you have access to both TradingView and your chosen brokerage platform.
2. **Configuration**: Configure the app to listen for specific TradingView alerts. Define conditions such as price movements, technical indicators, etc., that trigger these alerts.
3. **Webhook Bridge**: Use 'alpha-strike' to establish a secure connection between TradingView and your brokerage via a webhook. This involves setting up Cloudflare Tunnel to ensure your local server is accessible over the internet securely.
4. **Security Measures**: Implement Cloudflareโ€™s Web Application Firewall (WAF) to protect your webhook endpoint from unauthorized access and potential attacks.
5. **Action Execution**: When a TradingView alert is triggered, the app should automatically execute predefined actions on your brokerage account, such as placing orders or adjusting positions based on the alert criteria.
6. **Logging and Monitoring**: Incorporate logging mechanisms to track all transactions and alerts. Additionally, implement monitoring tools to ensure the app is running smoothly and to notify you of any issues.
7. **User Interface**: Develop a simple user interface where users can configure their alert settings, view logs, and monitor the status of their trades.
8. **Testing and Deployment**: Thoroughly test the app under various scenarios to ensure reliability. Once tested, deploy it to a production environment, ensuring it remains secure and efficient.

Suggested Features:
- Customizable alert conditions based on user-defined parameters.
- Real-time monitoring dashboard.
- Automated order execution with configurable parameters.
- Detailed transaction history and performance analytics.
- Secure login and authentication for multiple users.
- Integration with popular third-party services for extended functionality.

By following these steps and incorporating the suggested features, you'll create a powerful tool that enhances your trading strategy through automation and real-time market analysis.