archon-search

v26.6.710 suspicious
7.0
High Risk

Standalone hybrid retrieval + routing server: LanceDB, fastembed, cross-encoder reranker, FastAPI

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate to high risks due to its network and shell execution capabilities, which could be exploited for malicious purposes. However, the lack of obfuscation and credential harvesting patterns slightly mitigates these concerns.

  • High network risk
  • High shell risk
  • Low obfuscation and credential risks

Per-check LLM notes

  • Network: The package makes external API calls which could potentially be used for data exfiltration or C2 communication.
  • Shell: The package executes shell commands that can alter system configurations and installed software, posing a risk for unauthorized changes or malicious activities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious intent.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, which may indicate it's not well-maintained or trustworthy.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. test_logging_setup.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9482 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 294 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ) if data else None req = urllib.request.Request(url, data=body, headers=HEADERS, method=method)
  • method) try: with urllib.request.urlopen(req) as resp: return json.loads(resp.rea
  • content": PROMPT}], }) req = urllib.request.Request( "https://api.anthropic.com/v1/messages", da
  • thod="POST", ) try: with urllib.request.urlopen(req) as resp: result = json.loads(resp.read(
  • ort}/health" with urllib.request.urlopen(url, timeout=1): return True
  • try: async with httpx.AsyncClient(timeout=_FETCH_TIMEOUT) as client: response

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • form == "darwin": subprocess.run(["launchctl", "unload", str(legacy_path)], check=False, capt
  • legacy_path.stem subprocess.run(["systemctl", "--user", "stop", service_name], check=False,
  • ture_output=True) subprocess.run(["systemctl", "--user", "disable", service_name], check=Fals
  • == GpuType.CUDA: subprocess.run( ["uv", "pip", "uninstall", "--python", pyth
  • se, ) subprocess.run( ["uv", "pip", "install", "--python", python
  • ) else: subprocess.run( ["uv", "pip", "install", "--python", python

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8765/search

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archon-search
Create a comprehensive mini-application called 'DocumentQuery' that leverages the 'archon-search' package to provide users with advanced document search capabilities. The application should be designed to ingest a collection of documents from a specified directory, index these documents using vector embeddings for efficient semantic search, and allow users to query this indexed data through a user-friendly interface. The main functionalities of DocumentQuery include:

1. **Document Ingestion**: Develop a function to scan a directory for text files (e.g., .txt, .pdf, .docx) and convert their content into a structured format suitable for indexing.
2. **Embedding Generation**: Utilize the 'fastembed' component of 'archon-search' to generate dense vector representations of the document contents, enabling semantic similarity searches.
3. **Indexing**: Use the LanceDB component within 'archon-search' to create an index of the embedded documents, optimizing for both speed and accuracy.
4. **Query Processing**: Implement a query processing system that accepts user input queries, converts them into embeddings, and retrieves relevant documents based on semantic similarity.
5. **Cross-Encoder Reranking**: Enhance the initial retrieval results by applying a cross-encoder reranking technique provided by 'archon-search', improving the relevance of the returned documents.
6. **User Interface**: Design a simple yet effective web-based user interface using FastAPI to facilitate interaction with the document search functionality. Users should be able to upload new documents, perform searches, and view results.
7. **Performance Monitoring**: Incorporate basic performance metrics tracking to monitor the efficiency of the indexing and search processes, providing insights into system performance over time.

This project aims to demonstrate the integration and effectiveness of 'archon-search' in building a powerful, scalable, and user-friendly document search application.
