ankor

v0.5.160 suspicious
7.0
High Risk

Standalone workflow automation and monitoring for Python

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high obfuscation risk due to dynamic code execution and lacks essential metadata like author details and a GitHub repository, raising concerns about its provenance and purpose.

  • High obfuscation risk due to use of 'exec'
  • Missing author information and GitHub repository
Per-check LLM notes
  • Network: The network calls appear to be internal or localhost requests, which might be part of the package's functionality but could warrant further investigation.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of dynamic code execution via 'exec' indicates potential obfuscation or evasion techniques, raising suspicion.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The package shows some red flags such as missing author information and a lack of a GitHub repository, but there's no clear evidence of malicious intent or typosquatting.

📦 Package Quality Overall: Low (3.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1349 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 211 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

⚠ Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • } async with httpx.AsyncClient(timeout=_ai_request_timeout()) as client: respon
  • } async with httpx.AsyncClient(timeout=_ai_request_timeout()) as client: async
  • ponse: async with httpx.AsyncClient() as client: url = f"http://localhost:{vite_
⚠ Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • c_source(source_code) exec(compile(tree, f"<ankor-node:{name}>", "exec"), namespace)
  • c_source(source_code) exec(compile(tree, f"<ankor-workflow:{name}>", "exec"), namespace)
  • rce(source_code) exec(compile(tree, f"<ankor-node:{name}>", "exec"), namespace) raw_fn = namespace.get("run") or nam
  • rce(source_code) exec(compile(tree, f"<ankor-workflow:{name}>", "exec"), namespace) raw_fn = namespace.get("run") or nam
✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ankor
Your task is to develop a small but functional utility using the Python package 'ankor'. This utility will automate the process of monitoring and managing a simple web server's uptime status and performance metrics. Here's a detailed breakdown of the project requirements and steps:

1. **Project Overview**: Create a utility named 'WebMonitor' which periodically checks the uptime status and performance metrics (e.g., response time, server load) of a specified web server.
2. **Core Features**:
   - **Uptime Monitoring**: Continuously monitor if the web server is up and running.
   - **Performance Metrics**: Collect and store basic performance metrics like response time and server load.
   - **Alerting Mechanism**: Send alerts via email or SMS when the server is down or when certain thresholds (e.g., response time > 500ms) are breached.
3. **Using Ankor**:
   - **Workflow Automation**: Use 'ankor' to define workflows that handle the monitoring tasks, including periodic checks and alerting processes.
   - **Monitoring and Logging**: Leverage 'ankor's monitoring capabilities to log the status and performance data efficiently.
4. **Development Steps**:
   - Step 1: Set up your development environment with Python and install 'ankor'.
   - Step 2: Define a workflow in 'ankor' to perform periodic HTTP requests to the target web server.
   - Step 3: Implement logic to parse the response and extract performance metrics.
   - Step 4: Integrate 'ankor' to schedule these checks at regular intervals.
   - Step 5: Implement an alerting system using an external service (e.g., SMTP for emails).
   - Step 6: Utilize 'ankor's logging capabilities to keep track of all monitoring activities and events.
5. **Additional Enhancements** (Optional):
   - **Dashboard**: Develop a simple dashboard using Flask or a similar framework to visualize the collected data.
   - **Database Integration**: Store the monitoring data in a database (e.g., SQLite, PostgreSQL) for historical analysis.

This project aims to showcase 'ankor's capabilities in workflow automation and monitoring within a practical context.
