Package Metadata

Author: —
Email: Ggboykxz <[email protected]>
PyPI: apex-ai
Python: >=3.11
Versions: 7 releases
First release: 10 May 2026, 11:54 UTC
Analysed: 07 Jun 2026, 08:02 UTC
Source files: 62 .py files scanned

Project Links

Changelog Documentation Homepage Issues Repository Sponsor

Classifiers

Development Status :: 5 - Production/StableEnvironment :: ConsoleIntended Audience :: DevelopersOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Topic :: Scientific/Engineering :: Artificial IntelligenceTopic :: Software Development :: Code Generators

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to its network activity, shell execution capabilities, and handling of credentials, indicating potential for misuse.

High network and shell execution risks
Potential credential harvesting
Lack of author information

Per-check LLM notes

Network: The package makes network calls which could potentially be used to communicate with external services, raising concerns about data exfiltration or command and control activities.
Shell: The use of shell execution commands like os.system and subprocess.run can pose significant security risks, including remote code execution, suggesting potential for malicious activities.
Obfuscation: Base64 encoding and compression suggest data obfuscation, but lack of eval/exec usage indicates it's likely for data integrity rather than malicious obfuscation.
Credentials: Usage of GITHUB_TOKEN and references to system files like passwd and shadow indicate potential for credential harvesting or system manipulation.
Metadata: The author's lack of information and the presence of non-secure links raise some concerns, but there is no strong evidence of malicious intent.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

Test runner config found: pyproject.toml
3 test file(s) detected (e.g. test_advanced.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://apex-ai.dev/docs
Detailed PyPI description (16118 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

795 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

3 unique contributor(s) across 100 commits in Ggboykxz/APEX
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

t() req = urllib.request.Request(instr, headers={"User-Agent": "APEX/1.0"})
}) resp = urllib.request.urlopen(req, timeout=5, context=ctx) con
try: req = urllib.request.Request(f"{url}/api/tags") response = urllib.req
tags") response = urllib.request.urlopen(req, timeout=2) return response.status =
_get_headers() req = urllib.request.Request(url, headers=headers, method=method) if dat
try: response = urllib.request.urlopen(req) return json.loads(response.read().d

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

") json_str = base64.b64decode(compressed.encode()).decode() session_data =
SON-like string without using eval().""" if not data: return default try:
(r"eval\s*\(", "Use of eval() is dangerous"), (r"exec\s*\(", "Use of exe
TERNS = [ (r"eval\s*\(", "eval() is dangerous"), (r"exec\s*\(", "exec() is dangerous"),
(r"eval\(", "Use of eval() is dangerous"), (r"exec\(", "Use of ex
field(default_factory=lambda: __import__("time").time()) class TaskQueue: def __init__(self):

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

(r"os\.system\s*\(", "os.system() is insecure"), (r"subprocess.*shell\s*=\s*
(r"os\s*\.\s*system\s*\(", "os.system() is dangerous"), (r"os\s*\.\s*popen\s*\(", "os.popen()
(r"os\s*\.\s*popen\s*\(", "os.popen() is dangerous"), (r"pickle\s*\.(load|loads)\s*\(", "pic
try: result = subprocess.run( ["docker", "build", "-t", tag, "."], cwd=se
try: proc = subprocess.run( cmd, shell=True,
result = subprocess.run( shlex.split(safe_cmd),

⚠ Credential Harvesting score 7.5

Found 3 credential access pattern(s)

self.token = token or os.environ.get("GITHUB_TOKEN", "") self.owner = owner self.repo = repo
pe to shell"), (r">\s*/etc/passwd", "System file modification"), (r">\s*/etc/shadow",
odification"), (r">\s*/etc/shadow", "Shadow file modification"), (r"chmod\s+777\s+/(?

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

⚠ Suspicious Page Links score 8.0

Found 4 suspicious link(s) on the package page

Non-HTTPS external link: http://127.0.0.1:9090
Non-HTTPS external link: http://127.0.0.1:9090/v1/register
Non-HTTPS external link: http://127.0.0.1:9090/v1/chat/completions
Non-HTTPS external link: http://127.0.0.1:9090/v1/status

✓ Git Repository History

Repository Ggboykxz/APEX appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apex-ai

Create a command-line tool named 'CodeCraft' using the Python package 'apex-ai'. This tool will enable developers to interact with various AI models directly from their terminal for code-related tasks such as generating code snippets, debugging, and suggesting improvements. Here’s a detailed breakdown of the steps and features to include:

1. **Setup**: Begin by installing the 'apex-ai' package and setting up a basic CLI interface using Python's argparse module.
2. **Command Structure**: Design commands for CodeCraft that allow users to specify which AI model they want to use and what task they wish to perform (e.g., generate code, debug code).
3. **AI Model Integration**: Utilize 'apex-ai' to connect to different AI models (such as Codex, Claude, etc.) seamlessly through a single interface. Each model should be accessible via command-line options.
4. **Code Generation**: Implement a feature where users can input a brief description of the code they need, and the tool will generate the corresponding code snippet using the selected AI model.
5. **Debugging Assistance**: Add functionality to analyze existing code and suggest fixes or improvements based on the feedback from the AI model.
6. **Interactive Mode**: Include an interactive mode where users can engage in a conversation with the AI model about their code, asking for advice or explanations.
7. **Customization Options**: Allow users to customize settings like the temperature of the response, verbosity of the output, and preferred programming language.
8. **Error Handling**: Ensure robust error handling is in place to manage any issues that arise during interaction with the AI models.
9. **Documentation**: Provide comprehensive documentation for both users and contributors, explaining how to install, configure, and use the tool effectively.

By following these steps and incorporating these features, you will create a powerful and user-friendly tool that leverages the capabilities of 'apex-ai' to enhance coding productivity and efficiency.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.6/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue