antislope-ai

v0.1.1 suspicious
4.0
Medium Risk

Local AI coding supervision layer — watches your code, runs on-device review, surfaces findings via MCP

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to potential network and shell execution vulnerabilities. However, it lacks obfuscation and credential harvesting activities, reducing immediate threat levels.

  • moderate network risk
  • high shell execution risk
  • low maintainer activity

Per-check LLM notes
  • Network: The network calls suggest the package may be making external API requests, which could potentially be used for data exfiltration if not properly secured or documented.
  • Shell: The shell execution patterns indicate that the package might execute system commands, posing a risk if these commands are not intended by the user and could be exploited for unauthorized actions.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: Suspicious non-HTTPS links and low maintainer activity suggest potential risk.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

  • 3 test file(s) detected (e.g. test_dashboard_group_status.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4523 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 114 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 14 commits in zcj220/antislope-ai
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • t": "json"} request = urllib.request.Request( f"{self.base_url}/api/generate",
  • try: with urllib.request.urlopen(request, timeout=self.timeout_seconds) as response:

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • ) try: result = subprocess.run(["osascript", "-e", script], capture_output=True, text=True,
  • cwd() try: root = subprocess.run( ["git", "rev-parse", "--show-toplevel"],
  • try: output = subprocess.run( command, cwd=repo_root,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8771
  • Non-HTTPS external link: http://127.0.0.1:8771/mcp`
  • Non-HTTPS external link: http://127.0.0.1:8771/mcp

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with antislope-ai
Develop a Python-based code quality analysis tool named 'CodeGuardian' using the 'antislope-ai' package. This tool will serve as an in-development environment assistant, providing real-time feedback on code quality and adherence to best practices. The application should be able to perform the following tasks:

1. **Real-Time Code Analysis**: As developers write code within an integrated development environment (IDE), CodeGuardian should analyze the code snippet in real-time, identifying potential issues such as unused variables, redundant imports, style violations, and performance inefficiencies.
2. **On-Device Review**: Implement a feature where the tool reviews code locally on the developer's machine without needing internet access. This ensures privacy and immediate feedback.
3. **Findings Surface via MCP**: Use the Monitoring & Control Protocol (MCP) provided by 'antislope-ai' to surface findings directly within the IDE. For example, highlighting problematic lines of code, suggesting improvements, and providing links to relevant documentation.
4. **Customizable Rules**: Allow users to customize the rules and severity levels of the code analysis. Users should be able to add their own custom checks or disable certain default ones based on their project requirements.
5. **Integration with Popular IDEs**: Ensure that CodeGuardian can integrate smoothly with popular IDEs like VSCode, PyCharm, and Jupyter Notebooks. This integration should include live feedback as well as post-commit analysis.
6. **Learning Mode**: Incorporate a learning mode where CodeGuardian learns from the user's corrections over time, improving its suggestions and becoming more tailored to the developer's coding style and preferences.

The 'antislope-ai' package will be utilized primarily for its local AI capabilities, enabling real-time analysis and on-device review functionalities. Additionally, it will facilitate the communication between CodeGuardian and the IDE via the MCP protocol, ensuring that all findings are presented in a user-friendly manner.
