altergo

v1.4.0 suspicious
6.0
Medium Risk

Don't break flow. Switch accounts. — N-account session manager for Claude Code, Gemini CLI, Codex, and Copilot

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium-level risks due to potential shell command execution and obfuscation techniques, which may be indicative of hidden malicious behavior.

  • High shell risk due to potential command injection
  • Significant obfuscation risk suggesting possible hiding of malicious behavior
Per-check LLM notes
  • Network: The network patterns suggest controlled redirection attempts which might be benign if intended for rate limiting or error handling.
  • Shell: Executing external commands without proper validation or sanitization poses a significant risk for potential malicious activities like command injection.
  • Obfuscation: The code appears to be obfuscating environment variable access, which could be used to mask or hide potentially malicious behavior.
  • Credentials: No clear patterns of credential harvesting are detected, but the manipulation of environment variables may still pose a risk.
  • Metadata: The maintainer has only one package, which could indicate a new or less active account, but there are no other red flags.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 7 test file(s) found

  • 7 test file(s) detected (e.g. test_arg_routing.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (18413 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 147 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in thepixelabs/altergo
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • class _CappedRedirect(urllib.request.HTTPRedirectHandler): max_redirections = 3
  • on_info.minor}" req = urllib.request.Request(UPDATE_PYPI_URL, headers={"User-Agent": ua})
  • Agent": ua}) opener = urllib.request.build_opener(_CappedRedirect()) with opener.open(req
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • , env={ **__import__("os").environ, # Point ALTERGO_ACCOUNTS_DIR isn't a r
  • text=True, env={**__import__("os").environ, "HOME": str(tmp_path)}, ) assert result.re
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • Process: try: r = subprocess.run( [SECURITY_CMD] + argv, capture_outp
  • AUTH_TOKEN"} try: subprocess.run([claude_bin, "setup-token"], env=setup_env) except Keybo
  • """ try: result = subprocess.run( ["tmux", "list-sessions", "-F", "#{session_name
  • ll = time.time() result = subprocess.run(cmd, env=run_env, cwd=launch_cwd) # Record the last sess
  • , ) result = subprocess.run(shell_cmd, env=run_env) _print_launch_message() retu
  • , ) result = subprocess.run(inner_cmd, env=run_env) _print_launch_message() retu
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository thepixelabs/altergo appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "thepixelabs" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with altergo 
Create a multi-account session management tool called 'SessionSwitcher' using the Python package 'altergo'. This tool will allow users to seamlessly switch between different accounts on platforms like Claude Code, Gemini CLI, Codex, and Copilot without breaking their current session or losing context.

Step 1: Define the Core Functionality
- Implement account management: Allow users to add, remove, and list accounts associated with the supported platforms.
- Session switching: Enable users to switch between sessions of different accounts instantly.
- Context preservation: Ensure that when switching accounts, any ongoing tasks or contexts are preserved as much as possible.

Step 2: Design the User Interface
- Command-line interface (CLI): Develop a user-friendly CLI that provides clear commands for adding, removing, listing, and switching accounts.
- Optional GUI: If time permits, consider developing a simple graphical user interface for ease of use.

Step 3: Integrate 'altergo'
- Utilize 'altergo' for managing multiple accounts and switching sessions efficiently.
- Explore how 'altergo' handles session persistence and context switching to implement similar functionality in 'SessionSwitcher'.

Step 4: Implement Additional Features
- Account-specific settings: Allow users to set up specific configurations or preferences for each account.
- Automatic session saving: Automatically save session states when switching accounts to ensure continuity.
- Logging and error handling: Implement logging to track actions and errors, enhancing usability and debugging capabilities.

Step 5: Testing and Documentation
- Thoroughly test 'SessionSwitcher' with various scenarios to ensure reliability and efficiency.
- Write comprehensive documentation detailing installation, configuration, usage, and troubleshooting tips.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!