api-dock

v0.5.0 suspicious
6.0
Medium Risk

A flexible API gateway that allows you to proxy requests to multiple remote APIs and Databases

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to credential harvesting concerns and incomplete metadata, suggesting potential malicious intent.

  • High credential risk due to AWS credential checks
  • Incomplete metadata lacking author information and GitHub link
Per-check LLM notes
  • Network: The presence of network calls is expected if the package interacts with external APIs.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of base64 decoding indicates some level of obfuscation, but it could also be part of a legitimate cryptographic operation.
  • Credentials: The detection of environment variable checks for AWS credentials suggests potential harvesting of secrets, which is a high-risk activity.
  • Metadata: The package shows some red flags, such as missing author information and no associated GitHub repository, which may indicate potential risk.

📦 Package Quality Overall: Low (3.2/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (32550 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 123 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • s", True) async with httpx.AsyncClient(follow_redirects=follow_redirects) as client: tr
Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • ciphertext_blob = base64.b64decode(encrypted_token.encode('utf-8')) response = sel
  • encrypted_bytes = base64.b64decode(ciphertext.encode('utf-8')) decrypted_bytes = se
  • ciphertext_blob = base64.b64decode(ciphertext.encode('utf-8')) response = self.kms
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • .get('region') or os.environ.get('AWS_DEFAULT_REGION') or os.environ.get('AWS_REGION')
  • FAULT_REGION') or os.environ.get('AWS_REGION') ) # For public buckets, try anonym
  • # - AWS config files (~/.aws/credentials, ~/.aws/config) # - IAM roles (EC2, ECS, EKS, Lambd
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: berkeley.edu>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with api-dock 
Your task is to develop a weather dashboard application using Python and the 'api-dock' package. This application will aggregate weather data from multiple sources and present it in a user-friendly manner. Here are the steps and features your application should include:

1. **Setup**: Install 'api-dock' and any necessary libraries for web development such as Flask.
2. **API Configuration**: Use 'api-dock' to configure proxies for at least three different weather API services (e.g., OpenWeatherMap, Weatherstack, AccuWeather).
3. **Data Aggregation**: Write functions to fetch current weather data from each configured API endpoint and merge the data into a single, unified dataset.
4. **User Interface**: Develop a simple HTML/CSS/JavaScript frontend to display the aggregated weather information. The interface should allow users to select which city they want to view weather data for.
5. **Error Handling**: Implement error handling in both the backend and frontend to manage cases where an API might not return data or returns an error.
6. **Additional Features**: Consider adding features like hourly forecasts, weather alerts, or historical weather data comparisons.

Your goal is to create a robust, user-friendly weather dashboard that showcases the flexibility of 'api-dock' in managing and aggregating data from multiple APIs.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!