amazon-sp-cli

v0.3.3 suspicious
4.0
Medium Risk

CLI tool for Amazon Selling Partner API (SP-API) operations

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to potential unauthorized system access via shell commands and a lack of community engagement. However, there's no evidence of malicious intent.

  • High shell risk
  • Low community engagement
Per-check LLM notes
  • Network: Network calls to endpoints may be legitimate for authentication or service interaction.
  • Shell: Executing shell commands without capturing output is risky and could indicate potential for unauthorized system access.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The maintainer seems new or inactive, and the repository lacks community engagement.

πŸ“¦ Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present β€” 7 test file(s) found

  • Test runner config found: pyproject.toml
  • 7 test file(s) detected (e.g. __init__.py)
β—‹ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 31 type-annotated function signatures detected in source
β—ˆ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 63 commits in stellaraether/amazon-sp-cli
  • Single author but highly active (63 commits)

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • token.""" response = requests.post( self.TOKEN_ENDPOINT, headers={"Cont
  • s()} post_response = requests.post( base_url, data=form_fields,
βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • -sp-cli...") result = subprocess.run(cmd, capture_output=False) if result.returncode !=
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: stellaraether.com

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Lunan Li" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with amazon-sp-cli 
Your task is to create a fully-functional mini-application that leverages the 'amazon-sp-cli' package to manage inventory and orders for an online store on Amazon. This application will allow users to automate several key tasks such as listing products, updating inventory levels, retrieving order details, and more. Here’s a detailed breakdown of what your application should accomplish:

1. **Authentication Setup**: Start by guiding the user through setting up authentication with the Amazon Selling Partner API using 'amazon-sp-cli'. Ensure the application securely stores the necessary credentials.
2. **Inventory Management**:
   - Allow users to add new products to their inventory by specifying product details such as title, description, price, and quantity.
   - Provide functionality to update existing product listings, including changing prices, quantities, or other details.
   - Implement a feature to retrieve the current inventory status, showing all listed products along with their available quantities.
3. **Order Processing**:
   - Enable users to fetch order details, including customer information, order date, and item specifics.
   - Include an option to mark orders as shipped, which would update the corresponding inventory levels accordingly.
4. **Reporting**:
   - Create a simple reporting system that generates daily summaries of sales, inventory changes, and pending orders.
5. **User Interface**: Design a clean, intuitive command-line interface (CLI) that guides users through each action with clear prompts and feedback messages.

Throughout the development process, utilize the 'amazon-sp-cli' package to handle all interactions with the Amazon Selling Partner API, ensuring efficient and secure data transmission. Your final application should demonstrate proficiency in integrating third-party APIs and handling sensitive user data.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!