antemortem

v0.10.2 suspicious
7.0
High Risk

CLI for pre-diff risk classification with schema validation and disk-verified citations.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential risk and low to moderate levels of other potential threats. This suggests possible malicious intent, particularly in credential harvesting.

  • High credential risk due to harvesting credentials from common directories
  • Maintainer has only one package, indicating a potentially new or less active account

Per-check LLM notes
  • Network: No network calls detected, which is typical and safe.
  • Shell: Shell executions appear to be related to version control operations and do not indicate malicious activity.
  • Obfuscation: The obfuscation pattern detected is not strongly indicative of malicious activity; it could be part of a normal function to join strings with newline characters.
  • Credentials: The paths listed suggest that the package may be harvesting credentials from common directories, which is highly suspicious and likely indicates an attempt to steal sensitive information.
  • Metadata: The maintainer has only one package, suggesting a new or less active account which may warrant further investigation.

📦 Package Quality Overall: Medium (5.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/hibou04-ops/antemortem-cli#readme
  • Detailed PyPI description (73533 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 131 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 61 commits in hibou04-ops/antemortem-cli
  • Two distinct contributors found

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • return "\n".join(rows) def eval( # noqa: A001 path: Path = typer.Argument( # noqa: B00

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • " try: commit = subprocess.run( ["git", "rev-parse", "HEAD"], cwd
  • clean tree. status = subprocess.run( ["git", "status", "--porcelain"],

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • b", "**/.ssh/**", "**/.aws/credentials", "**/.netrc", "**/known_hosts", ) DEFAULT_MAX_FIL

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository hibou04-ops/antemortem-cli appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "hibou04-ops" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with antemortem

Create a data integrity checker tool using the 'antemortem' package in Python. This tool will serve as a pre-diff risk classifier, helping users identify potential issues in their datasets before they are diffed or compared against other versions. The application should allow users to input a dataset and a schema, then perform schema validation and disk-verified citation checks to ensure data integrity. Here's a step-by-step guide on how to build it:

1. **Setup Environment**: Start by setting up your Python environment. Ensure you have Python installed and create a virtual environment for your project.
2. **Install Dependencies**: Install the 'antemortem' package along with any other necessary Python packages such as pandas for data manipulation and Flask for creating a simple web interface.
3. **Define Schema**: Allow users to define a schema for their data. This could be done via a YAML file upload or through a form on the web interface.
4. **Data Input**: Enable users to upload their dataset through the web interface. Ensure the dataset can be in various formats like CSV, Excel, or JSON.
5. **Schema Validation**: Implement a feature to validate the uploaded dataset against the defined schema using the 'antemortem' package. Display any discrepancies found during this process.
6. **Disk-Verified Citations Check**: Use 'antemortem' to perform disk-verified citations checks on the dataset. This involves verifying that each record points correctly to the data on disk, ensuring no corruption or misplacement has occurred.
7. **Risk Classification**: Based on the results of the schema validation and disk-verified citations check, classify the dataset's risk level (e.g., high, medium, low). Provide a summary report to the user detailing the findings and risk level.
8. **User Interface**: Develop a clean and intuitive user interface using Flask. Include options for uploading files, viewing the schema, and seeing the results of the checks performed.
9. **Testing**: Thoroughly test your application with different datasets and schemas to ensure accuracy and reliability.
10. **Documentation**: Write clear documentation explaining how to use the tool, including setup instructions, usage examples, and troubleshooting tips.

By following these steps, you'll create a powerful and user-friendly data integrity checker that leverages the capabilities of the 'antemortem' package.
