ampio-mqtt

v0.6.0 suspicious
4.0
Medium Risk

Async client for the Ampio Smart Home MQTT protocol

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risk in terms of network calls, shell execution, and obfuscation. However, the metadata risk score is elevated due to low activity and a new maintainer, raising concerns about its legitimacy.

  • Low activity and engagement
  • New maintainer
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communication.
  • Shell: No shell execution patterns detected, indicating no immediate signs of malicious activities such as code injection.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows low activity and engagement, with a new maintainer and repository. This raises some concerns about its legitimacy.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • Test runner config found: pyproject.toml
  • 8 test file(s) detected (e.g. test_classify.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4458 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 100 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 42 commits in pszypowicz/ampio-mqtt
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Package is very new: uploaded 3 day(s) ago
  • Author "pszypowicz" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ampio-mqtt 
Create a smart home automation system using the 'ampio-mqtt' Python package. This system should allow users to control various devices in their home such as lights, thermostats, and security systems through a simple command-line interface or web dashboard. The application should be able to connect to the Ampio Smart Home MQTT broker, subscribe to relevant topics, and publish commands to control these devices.

### Core Features:
1. **Device Control**: Users should be able to turn lights on/off, adjust thermostat settings, and arm/disarm the security system directly from the interface.
2. **Status Updates**: Real-time updates on device status (e.g., current temperature, light level, security status) should be displayed to the user.
3. **Event Logging**: Maintain a log of all events (device state changes, commands issued) for troubleshooting and historical purposes.
4. **User Interface**: Develop either a command-line interface (CLI) or a basic web-based dashboard for interaction.
5. **Security**: Ensure secure communication between the application and the MQTT broker using TLS encryption.

### Implementation Steps:
1. **Setup Environment**: Install necessary Python packages including 'ampio-mqtt', and any other dependencies needed for your chosen UI framework.
2. **Connection Management**: Use 'ampio-mqtt' to establish a secure connection to the Ampio Smart Home MQTT broker. Handle reconnection logic in case of disconnections.
3. **Subscription & Publishing**: Subscribe to topics related to different devices (lights, thermostat, security) and implement functions to publish control commands to these topics.
4. **Real-Time Updates**: Implement real-time updates by listening to messages from subscribed topics and updating the UI accordingly.
5. **Logging Mechanism**: Integrate logging to capture and store important events for future reference.
6. **UI Development**: Choose between developing a CLI tool or a web-based dashboard. For a web UI, consider frameworks like Flask or Django; for a CLI, use argparse or similar libraries.
7. **Testing & Deployment**: Test your application thoroughly in a simulated environment before deploying it in a live setting. Consider containerization for easy deployment.

### Utilizing 'ampio-mqtt':
- Use 'ampio-mqtt.Client()' to create an instance of the MQTT client.
- Implement 'client.connect()' to establish a secure connection to the broker.
- Use 'client.subscribe()' to listen to specific topics for updates.
- Implement 'client.publish()' to send control commands to devices.
- Ensure proper handling of callbacks for message reception and error handling.

This project aims to demonstrate the power and flexibility of the 'ampio-mqtt' package in building practical, real-world applications.