amina-cli

v0.5.5 suspicious
4.0
Medium Risk

CLI for AminoAnalytica protein engineering platform

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its potential network and shell command usage, which may be legitimate but require further scrutiny to ensure they do not pose a threat.

  • moderate network risk
  • high shell risk
Per-check LLM notes
  • Network: The network calls may be part of the package's functionality to communicate with an API, but further investigation is needed to confirm legitimacy.
  • Shell: Executing shell commands could indicate legitimate functionality like running tools, but it also poses a risk for potential unauthorized access or command execution.
  • Obfuscation: No obfuscation patterns detected in the package.
  • Credentials: The mention of storing credentials for AWS and Stripe is likely related to legitimate functionality, such as interacting with these services rather than harvesting secrets.

📦 Package Quality Overall: Low (3.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://docs.aminoanalytica.com
  • Detailed PyPI description (11724 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 186 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • r {api_key}"} async with httpx.AsyncClient(timeout=60.0) as client: # ═════════════════════════
  • id, job_name) async with httpx.AsyncClient(timeout=60.0) as client: try: response =
  • ompute_type}" async with httpx.AsyncClient(timeout=30.0) as client: try: response =
  • i_key else {} async with httpx.AsyncClient(timeout=30.0) as client: try: response =
  • _id={job_id}" async with httpx.AsyncClient(timeout=30.0) as client: try: response =
  • r {api_key}"} async with httpx.AsyncClient(timeout=timeout) as client: try: respons
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • a") if amina_cmd: subprocess.run([amina_cmd, "run", tool_name, "--help"]) else: #
Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • openai - AWS CLI: stores in ~/.aws/credentials - Stripe CLI: stores in ~/.config/stripe """ import contex
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: aminoanalytica.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with amina-cli 
Build a simple Python application using the amina-cli package to demonstrate its core features.