arc-llama

v0.1.0 suspicious
5.0
Medium Risk

Plug-and-play llama.cpp runtime for Intel Arc GPUs. Auto-detects your card, picks safe SYCL defaults, and exposes an OpenAI-compatible API.

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows some legitimate functionality but also exhibits behaviors that warrant further scrutiny, particularly in its network and shell execution activities.

  • network interactions via HTTPX
  • execution of shell commands
Per-check LLM notes
  • Network: The use of HTTPX for asynchronous network requests might be legitimate if the package is designed to interact with external services, but it should be scrutinized for unexpected server interactions.
  • Shell: Executing shell commands like 'id', 'clinfo', and 'lspci' can be part of system diagnostics or feature detection, but could also indicate attempts to gather sensitive information or execute arbitrary commands.
  • Obfuscation: The observed pattern is a standard logging statement and does not indicate malicious obfuscation.
  • Credentials: No suspicious patterns indicating credential harvesting were detected.
  • Metadata: The presence of non-secure links and an unestablished repository raises concerns about potential malicious intent.

πŸ“¦ Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present β€” 10 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 10 test file(s) detected (e.g. conftest.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9829 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 126 type-annotated function signatures detected in source
β—ˆ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 20 commits in offbyonebit/arc-llama
  • Two distinct contributors found

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • = vram_total async with httpx.AsyncClient(base_url=server_url, timeout=300.0) as client: # Ens
  • kResult] = [] async with httpx.AsyncClient(base_url=server_url, timeout=300.0) as client: for c
  • + timeout async with httpx.AsyncClient(timeout=2.0) as client: while time.time() < dead
  • want_stream: client = httpx.AsyncClient(timeout=None) req = client.build_request(
  • am), ) async with httpx.AsyncClient(timeout=600.0) as client: r = await client.post(targ
  • None: self._client = httpx.AsyncClient(base_url=self.server_url, timeout=10.0) gpus = self.
⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • log.info("benchmarking prompt-eval (%d tokens) ...", prompt_tokens) result.prompt_eval_t
⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • ups:") try: out = subprocess.run(["id", "-nG"], capture_output=True, text=True, timeout=2)
  • """ try: out = subprocess.run( ["clinfo"], capture_output=True, text=True, tim
  • """ try: out = subprocess.run( ["lspci", "-nn"], capture_output=True, text=Tru
  • argv)) self.process = subprocess.Popen( self.plan.argv, env=self.plan.env,
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

No author email provided

⚠ Suspicious Page Links score 8.0

Found 4 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:11437/v1/...`.
  • Non-HTTPS external link: http://127.0.0.1:11437/`
  • Non-HTTPS external link: http://127.0.0.1:11437/v1`:
  • Non-HTTPS external link: http://127.0.0.1:11437/v1/chat/completions
⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released β€” brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with arc-llama 
Create a Python-based chatbot application named 'LlamaTutor' that leverages the 'arc-llama' package to provide educational content tailored to user queries. This application will use the plug-and-play capabilities of 'arc-llama' to automatically detect and utilize the user's Intel Arc GPU, ensuring efficient processing through its OpenAI-compatible API. Here’s a detailed plan for building 'LlamaTutor':

1. **Setup Environment**: Begin by setting up a Python environment. Ensure you have the latest version of Python installed. Install the 'arc-llama' package using pip. Additionally, install any other necessary libraries such as Flask for web server functionality.

2. **User Interface Design**: Design a simple yet intuitive interface where users can input their questions or topics they wish to learn about. This could be a basic web form or a command-line interface, depending on the target audience.

3. **Integration with arc-llama**: Use 'arc-llama' to set up a backend service that processes these inputs. Utilize the package's auto-detection feature to ensure compatibility with the user's hardware without requiring manual configuration. The goal is to make the setup process as seamless as possible.

4. **Educational Content Database**: Incorporate a database of educational content that the chatbot can reference when responding to user queries. This could include facts, definitions, explanations, and links to further reading materials.

5. **Query Processing and Response Generation**: When a user submits a query, the application should send it to the 'arc-llama' backend for processing. The backend will then generate a response based on the provided educational content. Responses should be accurate, concise, and informative.

6. **Feedback Loop**: Implement a feedback mechanism where users can rate the accuracy and usefulness of the responses. This data can be used to improve the quality of future responses.

7. **Security Measures**: Since the application will handle user interactions, ensure proper security measures are in place, including secure handling of user data and protection against common web vulnerabilities.

8. **Testing and Deployment**: Thoroughly test the application to ensure all components work as expected. Deploy the application on a cloud platform like AWS or Heroku, making it accessible to a broader audience.

This project not only showcases the power of 'arc-llama' but also provides a practical solution for educational purposes, demonstrating how advanced AI technologies can be integrated into everyday applications.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!