api-key-manager

v2.1.0 suspicious
4.0
Medium Risk

Batch manage API keys for 44+ AI providers with CLI and Web interfaces

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits low risks in terms of network, shell execution, obfuscation, and credential harvesting. However, its recent creation and limited maintainer history raise concerns about its legitimacy.

  • Metadata risk due to recent creation and limited maintainer history
  • No significant malicious activities detected

Per-check LLM notes
  • Network: The detected network calls appear to be fetching configuration updates, which is common for packages that require dynamic configuration.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows recent creation and limited maintainer history, which raises suspicion but does not conclusively indicate malice.

📦 Package Quality Overall: Low (4.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/Townrain/API-Key-Manager#readme
  • Detailed PyPI description (15141 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 365 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 16 commits in Townrain/API-Key-Manager
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • } async with httpx.AsyncClient(timeout=timeout) as client: result = await provi
  • Fetch the latest configuration""" async with httpx.AsyncClient() as client: resp = await client.get(CAPS_URL, t

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:7890

Git Repository History score 2.5

Git history flags:

  • Repository created very recently: 5 day(s) ago (2026-06-02T06:48:00Z)

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package is very new: uploaded 3 day(s) ago
  • Author "Townrain" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with api-key-manager:

Create a fully-functional mini-application called 'KeyGuard' that leverages the 'api-key-manager' package to provide comprehensive management of API keys from various AI service providers. KeyGuard should offer both command-line and web-based interfaces, allowing users to easily add, delete, update, and view their API keys. The application should also include security measures such as encryption for stored keys and user authentication for the web interface.

Step 1: Setup
- Install the 'api-key-manager' package using pip.
- Create a virtual environment and install necessary dependencies including Flask for the web interface.

Step 2: Command-Line Interface (CLI)
- Implement basic commands for adding, deleting, updating, and listing API keys.
- Use the 'api-key-manager' package to interact with the backend services for these operations.
- Ensure that all operations are logged for audit purposes.

Step 3: Web Interface
- Design a simple, user-friendly web interface using HTML/CSS/JavaScript.
- Integrate Flask with the 'api-key-manager' package to handle CRUD operations on API keys through the web.
- Implement user authentication using Flask-Login.

Step 4: Security Features
- Encrypt all stored API keys using a secure method supported by 'api-key-manager'.
- Ensure that decrypted keys are only accessible within the scope of the operation they're needed for.
- Implement rate limiting and IP blocking to prevent brute-force attacks.

Step 5: Documentation and Testing
- Write comprehensive documentation for both CLI and web interfaces.
- Conduct thorough testing, including unit tests and integration tests, to ensure all functionalities work as expected.
- Deploy the application to a cloud platform like AWS or Heroku for accessibility.

Features:
- Support for at least 10 popular AI service providers.
- Role-based access control for different levels of key management permissions.
- Export functionality to allow users to download their API keys in a CSV format.
- Integration with popular continuous integration tools for automated testing and deployment.
