anycloud-sdk

v0.1.19 suspicious
6.0
Medium Risk

Python SDK for anycloud — submit jobs, run workloads on any cloud

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits potential risks due to network and shell execution behaviors, though the likelihood of malicious intent is not strongly indicated.

  • Hardcoded HTTP request URLs
  • Execution of git commands

Per-check LLM notes

  • Network: The use of HTTP requests is common, but specifying a hardcoded URL ('http://test') might indicate unusual behavior unless documented.
  • Shell: Executing git commands could be legitimate for version control operations, but the specific actions (clone, cat-file, fetch, checkout) may imply interaction with external repositories which could pose risks if not properly controlled.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code snippet suggests legitimate retrieval of environment variables for authentication purposes, but it also poses a risk as it may expose credentials if not handled securely.
  • Metadata: The package shows some signs of low maintainer activity and poor metadata quality, but there's no direct evidence of malicious intent.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • Test runner config found: conftest.py
  • 5 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2096 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 130 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • ip("/") self._http = httpx.Client(base_url=self._base_url, timeout=30.0) self._credent
  • as ac: ac._http = httpx.Client(transport=transport, base_url="http://test") job
  • as ac: ac._http = httpx.Client(transport=httpx.MockTransport(handler), base_url="http://tes
  • as ac: ac._http = httpx.Client(transport=transport, base_url="http://test") wit

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • {repo}.git" try: subprocess.run( ["git", "clone", "--depth", "1", url, target],
  • t include it try: subprocess.run( ["git", "cat-file", "-t", commit],
  • s.CalledProcessError: subprocess.run( ["git", "fetch", "--depth", "1", "origin", comm
  • ue, text=True, ) subprocess.run( ["git", "checkout", commit], cwd=target, ch
  • ipped stdout.""" result = subprocess.run( ["git", *args], cwd=cwd, capture_ou
  • d(0o600) result = subprocess.run( [ "ssh",

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • rror: pass return os.environ.get("GITHUB_TOKEN", "") def _quote(s: str) -> str: """URL-encode a path
  • ig["repo"], config["commit"], os.environ.get("GITHUB_TOKEN", ""), target) # Stub the anycloud package so user mod

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anycloud-sdk

Develop a cloud workload orchestrator using the 'anycloud-sdk' Python package. This mini-application will serve as a user-friendly interface for submitting and managing jobs across various cloud providers. The application should allow users to define their workload specifications, choose the desired cloud environment, and monitor the job status and results.

**Core Features:**
1. **Job Submission**: Users should be able to input job details such as the type of workload (e.g., batch processing, machine learning training), required resources (CPU, memory, storage), and specific parameters.
2. **Cloud Environment Selection**: Provide a simple interface for selecting the target cloud provider from a list supported by 'anycloud-sdk'.
3. **Job Monitoring**: Implement a dashboard that displays the current status of submitted jobs, including start time, estimated completion time, and final result.
4. **Result Retrieval**: Once a job completes, the application should automatically retrieve and display the results.
5. **Error Handling**: Include robust error handling to manage issues like invalid inputs, failed job submissions, and unexpected errors during execution.
6. **User Authentication**: Integrate basic authentication mechanisms to ensure only authorized users can submit and manage jobs.

**How 'anycloud-sdk' is Utilized:**
- Use 'anycloud-sdk' to abstract away the complexities of interacting with different cloud APIs, allowing seamless job submission and management across multiple cloud environments.
- Leverage 'anycloud-sdk' functions to handle the creation, monitoring, and deletion of cloud resources necessary for executing the specified workloads.
- Employ 'anycloud-sdk' to retrieve job outputs and statuses efficiently, providing real-time updates to the user interface.