apikeyscanner

v1.0.0 suspicious
4.0
Medium Risk

A local secret leak detection tool for developers and DevOps teams.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risk in terms of network and shell activities, but the metadata analysis raises concerns due to low repository activity and lack of detailed information from the maintainer.

  • Low repository activity
  • New maintainer with insufficient details

Per-check LLM notes

  • Network: No network calls detected, which is not necessarily suspicious unless the package's functionality requires it.
  • Shell: No shell execution patterns detected, indicating that the package does not execute system commands without user interaction.
  • Metadata: The repository's low activity, new maintainer, and lack of details raise concerns about potential malicious intent.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_scanner.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8192 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 26 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 2 commits in devxyasir/apikeyscanner
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Very few commits: 2 total

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apikeyscanner
Create a Python-based CLI tool named 'SecretGuard' that leverages the 'apikeyscanner' package to help developers and DevOps teams detect potential security leaks within their code repositories. SecretGuard should be able to scan files for common patterns of API keys, tokens, and other sensitive information. The tool should support scanning specific file types (e.g., .py, .json, .yaml), allowing users to specify directories or individual files as inputs. Additionally, SecretGuard should provide an option to exclude certain directories or files from the scan to prevent false positives. After scanning, the tool should output a report detailing any potential leaks found, including the file path and line number where the suspicious string was located. Users should also have the ability to customize the regex patterns used for detecting secrets. The application should be designed with modularity in mind, allowing for easy extension of supported file types and detection patterns.
