anvil-eval

v0.4.0 suspicious
5.0
Medium Risk

A research-first, evaluation-first inference library.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to potential code obfuscation aimed at hiding malicious activities, despite having low risks in other categories.

  • Code obfuscation techniques detected
  • Single package from the author
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: The code shows signs of obfuscation through partial function calls and variable assignments which may hinder readability and could be used to hide malicious intent.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The author has only one package, suggesting a potentially new or less active maintainer.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (11078 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 160 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 33 commits in bishoymoussa/anvil
  • Single author but highly active (33 commits)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • try: result = anvil.eval( model=model, tasks=task_list,
  • from exc self._model.eval() self._device = next(self._model.parameters()).devi
  • eos_token self.model.eval() # type: ignore[no-untyped-call] self._device = ne
  • .10). Reconstruct an ``anvil.eval(...)`` invocation from a saved manifest and re-execute it. I
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository bishoymoussa/anvil appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Anvil contributors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anvil-eval 
Create a web-based mini-application using Python and the 'anvil-eval' package that serves as an interactive platform for evaluating different machine learning models. This application should allow users to upload their datasets, select from a variety of pre-configured ML models, and then run evaluations on these models using the 'anvil-eval' library. The application should also provide visualizations of the evaluation results, including metrics like accuracy, precision, recall, F1 score, etc.

### Steps to Build the Application:
1. **Setup the Environment**: Install necessary packages including Flask for the backend, Pandas for data manipulation, and 'anvil-eval' for model evaluation.
2. **Design the User Interface**: Use HTML/CSS/JavaScript to design a simple yet user-friendly interface where users can upload datasets, select models, and view results.
3. **Backend Development**: Implement the backend logic using Flask. Ensure it handles file uploads, model selection, and invoking 'anvil-eval' functions to evaluate the models.
4. **Model Evaluation**: Utilize 'anvil-eval' to perform evaluations on the selected models with the provided dataset. Capture the output metrics and prepare them for display.
5. **Results Visualization**: Display the evaluation results in an easily understandable format, such as charts or tables.
6. **Testing & Deployment**: Test the application thoroughly and deploy it on a platform like Heroku or AWS.

### Features:
- **Dataset Upload**: Allow users to upload CSV files containing their datasets.
- **Model Selection**: Provide a dropdown menu allowing users to choose from a set of predefined ML models (e.g., Logistic Regression, Decision Trees, Random Forests).
- **Real-time Progress**: Show real-time progress bars while the application is processing the dataset and performing evaluations.
- **Detailed Results**: Present detailed results including confusion matrices, ROC curves, and other relevant metrics.
- **User Authentication**: Implement basic user authentication to allow users to save and track their evaluations over time.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!