AI Analysis
Final verdict: SUSPICIOUS
The package is rated suspicious due to its potential shell execution risks and obfuscation practices, despite having no detected network calls or credential harvesting attempts.
- Potential shell execution that could interact with system clipboard or run AppleScript
- Use of base64 encoding for path resolution indicating possible code obfuscation
Per-check LLM notes
- Network: No network calls detected.
- Shell: Shell execution patterns may indicate an attempt to interact with system clipboard or run AppleScript, which could be legitimate but also suggests potential for misuse.
- Obfuscation: The use of base64 encoding for decoding and resolving paths may indicate an attempt to obfuscate code, but it could also be a legitimate practice in some applications.
- Credentials: No clear patterns indicative of credential harvesting were found.
Package Quality Overall: Low (3.4/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (4449 chars)
○ Low
Contributing Guide
4.0
No contributing guide or governance files found
Development Status classifier >= Beta
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
107 type-annotated function signatures detected in source
○ Low
Multiple Contributors
2.0
Single-author or unverifiable project
1 unique contributor(s) across 1 commits in sagar-1199/anvil-harnessSingle author with few commits — possibly a personal or throwaway project
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
try: path = base64.b64decode(encoded).decode("utf-8") resolved = str(Path(pat
Shell / Subprocess Execution
score 8.0
Found 4 shell execution pattern(s)
try: subprocess.run( ["/usr/bin/pbcopy"],import subprocess subprocess.run( ["/usr/bin/pbcopy"], input=) try: subprocess.Popen( ["/usr/bin/osascript", "-e", script,s.""" try: proc = subprocess.run( [cli_path, "--version"], capture_ou
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 7.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forksVery few commits: 1 totalSingle contributor with only 1 commit(s) — possibly throwaway account
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Vidyasagar Chamle" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with anvil-harness
Create a mini-application named 'AnvilCodeMate' using the Python package 'anvil-harness'. This application will serve as a coding assistant for developers, providing a terminal-based interface where users can interact with AI coding agents such as Claude Code or Codex. The goal is to make the process of writing code more efficient by allowing users to ask questions about code, get suggestions, and even write entire functions with minimal effort. The application should have the following core functionalities: 1. **Project Management**: Users should be able to create, open, and manage multiple coding projects within the application. Each project should be stored locally on the user's machine and should include a history of all interactions within the project. 2. **Conversation History**: Maintain a conversation history for each project, which includes past queries and responses from the AI coding agent. This history should be accessible and searchable, allowing users to review previous interactions. 3. **Cross-Project Memory**: Implement a feature that allows the AI coding agent to reference information across different projects. For example, if a user asks about a function that was previously defined in another project, the AI should be able to recall it and provide relevant context. 4. **Interactive Coding Assistance**: Enable users to ask specific questions about their code, receive suggestions, or even request the AI to write portions of the code based on the user's specifications. 5. **Customizable Interface**: Provide options for users to customize the look and feel of the terminal interface, including color schemes and font styles. To utilize the 'anvil-harness' package, follow these steps: 1. Set up the environment by installing the required dependencies, including 'anvil-harness'. 2. Initialize the TUI (Text User Interface) provided by 'anvil-harness', configuring it to integrate with your chosen AI coding agent. 3. Develop the project management system by implementing commands to create, delete, and switch between projects. Use 'anvil-harness' to store and retrieve project data efficiently. 4. Implement the conversation history feature by saving each interaction in a structured format and allowing users to navigate through past conversations easily. 5. Implement cross-project memory by storing relevant project information in a centralized database or file that the AI can access when needed. 6. Integrate the interactive coding assistance feature by setting up prompts for users to input their queries and processing these inputs through the AI agent. Ensure that the responses are displayed back to the user in a clear and understandable manner. 7. Finally, enhance the user experience by adding customizable settings for the terminal interface. By following these guidelines, you will create a powerful and user-friendly coding assistant that leverages the capabilities of 'anvil-harness' to streamline the development process.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue