anytechie-graphify

v0.4.41 suspicious
8.0
High Risk

AI coding assistant skill (Claude Code, Codex, OpenCode, Cursor, Gemini CLI, Aider, OpenClaw, Factory Droid, Trae, Hermes, Kiro, Google Antigravity) - turn any folder of code, docs, papers, images, or videos into a queryable knowledge graph

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential risk due to an attempt to access '/etc/passwd'. Combined with low maintainer activity and poor metadata quality, this raises significant concerns about its legitimacy.

  • High credential risk
  • Poor metadata quality
  • Low maintainer activity

Per-check LLM notes
  • Network: The network calls seem to be part of normal package functionality, possibly for updating or fetching resources.
  • Shell: The use of subprocess for git operations may indicate package maintenance or version control interactions, but could also signify unintended behavior if not properly controlled.
  • Obfuscation: No signs of obfuscation techniques are present.
  • Credentials: The code attempts to fetch 'file:///etc/passwd', which may indicate an attempt to access sensitive system files, suggesting potential malicious activity.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising suspicion but without clear evidence of malice.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 26 test file(s) found

  • 26 test file(s) detected (e.g. test_analyze.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (26739 chars)

✦ High Contributing Guide 9.0

Has contribution guidelines and governance files

  • Governance file: governance.py
  • Governance file: security.py

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 311 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ad).encode("utf-8") req = urllib.request.Request(url, data=body, headers=headers, method="POST")
  • ders, method="POST") with urllib.request.urlopen(req, timeout=timeout) as resp: return json.l
  • model}&seed=42" req = urllib.request.Request(url, headers={"User-Agent": "graphify/0.4"}, method=
  • }, method="GET") with urllib.request.urlopen(req, timeout=30) as resp: return resp.re
  • class _NoFileRedirectHandler(urllib.request.HTTPRedirectHandler): """Redirect handler that re-valida
  • url) def _build_opener() -> urllib.request.OpenerDirector: return urllib.request.build_opener(_NoFi

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • old_graph_data = subprocess.check_output( ["git", "show", f"{target_ref}:graphify-out
  • """ try: result = subprocess.run( ["git", "-C", str(root), "config", "core.hooksP
  • _date}"] result = subprocess.run( cmd, cwd=self.repo_path,
  • (tmp_path: Path) -> Path: subprocess.run(["git", "init", str(tmp_path)], check=True, capture_output=T

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • validate_url("file:///etc/passwd") def test_validate_url_rejects_ftp(): with pytest.rai
  • ): safe_fetch("file:///etc/passwd") def test_safe_fetch_rejects_ftp_url(): with pytest.r

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anytechie-graphify:

Create a Python-based mini-application named 'CodeInsight' that leverages the 'anytechie-graphify' package to transform a given directory of Python projects into a searchable knowledge graph. This application will serve as a powerful tool for developers to explore, understand, and navigate through their codebase more efficiently.

### Step-by-Step Guide:
1. **Setup Environment**: Ensure Python 3.8+ is installed on your system. Install necessary packages including 'anytechie-graphify'.
2. **Input Directory Selection**: Allow users to input the path to a directory containing multiple Python projects.
3. **Graph Creation**: Use 'anytechie-graphify' to process the input directory and generate a knowledge graph from the code, documentation, and any other textual content found within the projects.
4. **Query Interface**: Develop a simple command-line interface (CLI) that allows users to query the generated graph for information such as function definitions, variable usage, module dependencies, etc.
5. **Visualization**: Implement basic visualization capabilities to display parts of the graph in a user-friendly manner, e.g., showing relationships between classes or functions.
6. **Export Functionality**: Provide options to export the graph data into formats like JSON or DOT for further analysis or integration with other tools.
7. **Advanced Features**:
   - **Search Suggestions**: As users type queries, suggest relevant keywords or phrases based on the graph structure.
   - **Dependency Analysis**: Analyze and highlight dependencies between different modules or packages within the projects.
   - **Documentation Links**: For each element in the graph (function, class, variable), provide links back to the original documentation or source code where applicable.
8. **Testing & Validation**: Test the application with a set of predefined queries and directories to ensure it meets the requirements and works correctly across different scenarios.

### Utilizing 'anytechie-graphify':
- Import the package and use its main functions to parse the directory contents into a structured format suitable for graph creation.
- Leverage the ability of 'anytechie-graphify' to handle various types of content (code, text files, etc.) to enrich the graph with comprehensive details about the projects.
- Explore the advanced querying capabilities of 'anytechie-graphify' to implement sophisticated search functionalities within 'CodeInsight'.
