aoai_proxy

v0.1.12 suspicious
4.0
Medium Risk

OpenAI-compatible proxy for Azure OpenAI using Entra ID authentication

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to low maintainer activity and poor metadata quality, despite showing no immediate malicious activities like credential harvesting or shell execution.

  • Low maintainer activity
  • Poor metadata quality
Per-check LLM notes
  • Network: The package uses network calls which seem to be for making HTTP requests with an asynchronous client, likely for intended functionality.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, which may indicate potential risks.

📦 Package Quality Overall: Low (4.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4012 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 21 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 18 commits in rioriost/aoai_proxy
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • ntial() self.client = httpx.AsyncClient( timeout=httpx.Timeout(config.request_timeout_se
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: rio.st>

Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8000/healthz
  • Non-HTTPS external link: http://127.0.0.1:8000/v1/models
  • Non-HTTPS external link: http://127.0.0.1:8000/v1/responses
Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aoai_proxy 
Create a Python-based mini-application called 'AzureChat' that serves as a command-line interface (CLI) for interacting with Azure OpenAI services through the 'aoai_proxy' package. This application will allow users to authenticate via Entra ID, select different models available on Azure OpenAI, and send prompts to receive responses from the AI model. The application should include the following features:

1. User Authentication: Implement a seamless user authentication process using Entra ID credentials provided by the user.
2. Model Selection: Allow users to choose from a variety of models available on their Azure OpenAI instance, such as text-davinci-003 or ada.
3. Prompt Sending: Enable users to input text prompts and receive responses from the selected AI model.
4. History Management: Keep a record of previous interactions between the user and the AI model, allowing users to review past conversations.
5. Customization Options: Provide options for adjusting parameters like temperature and max tokens to fine-tune the AI response.
6. Error Handling: Implement robust error handling to manage issues such as invalid inputs, authentication failures, or API rate limits.
7. Help Documentation: Include a help menu within the CLI that provides guidance on commands and options available in the application.

To achieve these features, the 'aoai_proxy' package will be utilized to establish a secure connection to Azure OpenAI services, handle Entra ID authentication, and facilitate communication with the chosen AI model. The application should be designed with modularity and readability in mind, making it easy for other developers to extend or modify its functionality.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!