anchor-kb

v0.2.0 suspicious
4.0
Medium Risk

Anchor — agent-first knowledge canvas with PDF ingest, FMU simulation, and source-grounded provenance

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some red flags, particularly concerning credential risk and minimal metadata effort, suggesting possible low-level malicious intent or negligence.

  • Potential credential harvesting via path traversal
  • Minimal metadata effort

Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating the package likely does not execute system commands.
  • Obfuscation: No signs of obfuscation detected.
  • Credentials: Potential risk of credential harvesting via path traversal techniques.
  • Metadata: The package appears to be newly created with minimal metadata, indicating low effort which could suggest potential risk, but no concrete evidence of malicious intent.

📦 Package Quality Overall: Low (4.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • 1 documentation file(s) (e.g. tags.py)
  • Detailed PyPI description (13655 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 261 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • d request like ``/api/../../../etc/passwd`` # would otherwise resolve to an arbitrary fil
  • r: a crafted name like ``../../etc/passwd.pdf`` or ``..\\..\\evil.fmu`` would otherwise escape the st

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "Christoffer Björkskog, Lamin Jatta" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anchor-kb

Create a mini-application called 'KnowledgeCanvas' using the Python package 'anchor-kb'. This application will serve as a user-friendly interface for managing and exploring knowledge extracted from PDF documents, along with simulating scenarios based on that knowledge.

Step 1: Set up the project environment by installing the required packages including 'anchor-kb'.

Step 2: Develop a feature within the application that allows users to upload PDF files. The application should then use 'anchor-kb' to parse the content of these PDFs, extracting key information into a structured format.

Step 3: Implement a search functionality where users can query the extracted knowledge. The application should return relevant sections from the PDFs based on the query, highlighting the context around the searched terms.

Step 4: Integrate a simulation module into the application using 'anchor-kb'. Users should be able to input parameters related to the extracted knowledge to simulate different scenarios and outcomes. For example, if the PDF contains data about economic models, users could simulate changes in variables like interest rates or inflation.

Step 5: Ensure the application maintains a log of all actions taken, including searches performed and simulations run. Each action should include a reference back to its source material within the uploaded PDFs, providing transparency and traceability of the knowledge used.

Suggested Features:
- User authentication and role-based access control for managing multiple users.
- Visual analytics dashboard for summarizing the results of simulations.
- Integration with external data sources to enrich the knowledge base.
- Collaboration tools allowing multiple users to work on the same set of documents simultaneously.

The 'anchor-kb' package is utilized throughout the application for its advanced capabilities in parsing, searching, and simulating knowledge from PDF documents, ensuring that the application remains robust, scalable, and grounded in reliable sources.
