Package Metadata

Author: —
Email: Apache Software Foundation <[email protected]>
PyPI: apache-airflow-providers-ssh
Python: >=3.10
Versions: 121 releases
First release: 09 Nov 2020, 22:46 UTC
Analysed: 07 Jun 2026, 07:37 UTC
Source files: 31 .py files scanned

Project Links

Bug Tracker Changelog Documentation Mastodon Slack Chat Source Code YouTube

Classifiers

Development Status :: 5 - Production/StableEnvironment :: ConsoleEnvironment :: Web EnvironmentFramework :: Apache AirflowFramework :: Apache Airflow :: ProviderIntended Audience :: DevelopersIntended Audience :: System AdministratorsProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12

🤖 AI Analysis

Final verdict: SAFE

The package has a low risk score primarily due to its use of subprocess.Popen and unusual encoding methods, which may indicate obfuscation. However, there are no clear signs of malicious intent or supply-chain attack.

Unusual encoding methods
Use of subprocess.Popen

Per-check LLM notes

Network: The network patterns indicate a connection to localhost on a specific port, which is likely for testing or local development purposes and not indicative of malicious activity.
Shell: The shell execution pattern suggests the use of subprocess.Popen for running external commands, which could be part of legitimate functionality but should be reviewed for proper validation and sanitization to avoid command injection risks.
Obfuscation: The use of base64 decoding followed by utf-16-le decoding is unusual and may indicate obfuscation, but without more context, it's hard to determine the exact purpose.
Credentials: No clear patterns indicative of credential harvesting were detected.
Metadata: The package shows some red flags like a missing author name and a single package associated with the author's account, but there are no clear signs of typosquatting or malicious intent.

📦 Package Quality Overall: Medium (7.8/10)

✦ High Test Suite 9.0

Test suite present — 14 test file(s) found

Test runner config found: conftest.py
14 test file(s) detected (e.g. conftest.py)

✦ High Documentation 9.0

Well-documented package

Documentation URL: "Documentation" -> https://airflow.apache.org/docs/apache-airflow-providers-ssh
1 documentation file(s) (e.g. conf.py)
Detailed PyPI description (3545 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Type checker (mypy / pyright / pytype) referenced in project
46 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

46 unique contributor(s) across 100 commits in apache/airflow
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

= socket.socket() socket.connect(("localhost", 2135)) response = socket.recv(5)
ssh_conn_id) client = paramiko.SSHClient() if self.allow_host_key_change: self.l

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

)[1] decoded_script = base64.b64decode(encoded_script).decode("utf-16-le") assert "New-Item
)[1] decoded_script = base64.b64decode(encoded_script).decode("utf-16-le") assert "Seek(100
)[1] decoded_script = base64.b64decode(encoded_script).decode("utf-16-le") assert "Get-Item
)[1] decoded_script = base64.b64decode(encoded_script).decode("utf-16-le") assert "Test-Pat
)[1] decoded_script = base64.b64decode(encoded_script).decode("utf-16-le") assert "Stop-Pro
)[1] decoded_script = base64.b64decode(encoded_script).decode("utf-16-le") assert "Remove-I

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

) with ( subprocess.Popen(**subprocess_kwargs) as server_handle, hook.get_

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: airflow.apache.org>

⚠ Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

Non-HTTPS external link: http://www.apache.org/licenses/LICENSE-2.0

✓ Git Repository History

Repository apache/airflow appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apache-airflow-providers-ssh

Create a fully-functional mini-application using Apache Airflow along with the 'apache-airflow-providers-ssh' package. This application will serve as a task scheduler for executing various SSH-based tasks on remote servers. The goal of this project is to automate common administrative tasks such as restarting services, checking disk usage, or running periodic backups.

### Project Overview:
1. **Task Definition**: Define multiple tasks within Airflow DAGs, each representing a specific administrative task that needs to be executed over SSH on remote servers.
2. **SSH Operations**: Use the 'apache-airflow-providers-ssh' package to perform SSH operations like running shell commands, transferring files, etc.
3. **Scheduling**: Schedule these tasks based on time intervals or events.
4. **Monitoring & Logging**: Implement logging mechanisms to monitor task execution and store logs for future reference.
5. **User Interface**: Develop a simple web interface (optional) to view task statuses and logs.

### Features:
- **Task Execution**: Execute shell commands on remote servers using SSH.
- **File Transfer**: Automate file transfers between local and remote systems.
- **Task Scheduling**: Schedule tasks to run at specific times or after certain events.
- **Error Handling**: Implement robust error handling to manage failed tasks.
- **Logging & Monitoring**: Provide detailed logs and monitoring capabilities.

### Implementation Steps:
1. **Setup Environment**: Set up an Apache Airflow environment and install the 'apache-airflow-providers-ssh' package.
2. **Define Tasks**: Write DAG definitions for each administrative task you want to automate, including parameters for SSH connections and commands.
3. **Integrate SSH**: Use the 'apache-airflow-providers-ssh' operators to integrate SSH functionality into your tasks.
4. **Configure Scheduling**: Configure the scheduling logic for your tasks.
5. **Testing**: Test the application thoroughly to ensure all tasks execute as expected.
6. **Deployment**: Deploy the application to a production-like environment for real-world testing.
7. **Enhancements**: Consider adding features like user authentication, more sophisticated logging, and a basic UI for monitoring purposes.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (7.8/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue