Package Metadata

Author: Dynamiq AI
Email: —
PyPI: arcllm-sdk
Python: >=3.10
Versions: 7 releases
First release: 06 May 2026, 16:27 UTC
Analysed: 07 Jun 2026, 11:07 UTC
Source files: 61 .py files scanned

Project Links

Documentation Homepage Issues Repository

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: Apache Software LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Programming Language :: Python :: 3.14

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to shell execution, potential obfuscation, and high risk related to credential handling. While there are no immediate signs of malicious activity, the combination of these factors warrants further scrutiny.

High credential risk due to insecure AWS credential access
Moderate shell risk from executing external commands

Per-check LLM notes

Network: The network calls appear to be for making HTTP requests, possibly for API interactions, which is not inherently suspicious but should be reviewed for the legitimacy of the endpoints and data being exchanged.
Shell: The shell execution patterns indicate that the package may execute external commands, including running scripts and using 'gcloud' for authentication purposes, which could pose a risk if not properly controlled and could potentially be exploited for unauthorized actions.
Obfuscation: The base64 encoding pattern detected could be for legitimate data storage but also may indicate an attempt to hide code or data.
Credentials: The code is accessing AWS credentials through environment variables and configuration, which poses a high risk of credential harvesting if not properly secured.
Metadata: The maintainer has only one package, suggesting a new or less active account which could indicate potential risk.

📦 Package Quality Overall: Medium (6.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://github.com/dynamiq-ai/arcllm#readme
Detailed PyPI description (17190 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
294 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

4 unique contributor(s) across 50 commits in dynamiq-ai/arcllm
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 6.0

Found 4 network call pattern(s)

.0) -> dict | None: req = urllib.request.Request(url, headers=headers) try: with urllib.r
eaders) try: with urllib.request.urlopen(req, timeout=timeout) as resp: return or
ext() self._client = httpx.Client( timeout=timeouts, limits=limits,
self._session = aiohttp.ClientSession( connector=self._connector,

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

png") out.write_bytes(base64.b64decode(response.data[0].b64_json)) print(f"Wrote {out} ({ou

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

ess result = subprocess.run( ["gcloud", "auth", "print-access-token"
"import arcllm" result = subprocess.run( [ sys.executable, "-c",
int(elapsed) """ result = subprocess.run( [sys.executable, "-c", script], capture_out
4 print(mem) """ result = subprocess.run( [sys.executable, "-c", script], capture_out
s(results)) ''' result = subprocess.run( [sys.executable, "-c", script], capture_out

⚠ Credential Harvesting score 10.0

Found 4 credential access pattern(s)

region = config.aws_region or os.environ.get("AWS_REGION", "us-east-1") self._access_key = config.aws_
= config.aws_access_key_id or os.environ.get("AWS_ACCESS_KEY_ID") self._secret_key = config.aws_secret
nfig.aws_secret_access_key or os.environ.get("AWS_SECRET_ACCESS_KEY") self._session_token = config.aws
= config.aws_session_token or os.environ.get("AWS_SESSION_TOKEN") self._api_base = config.api_base or

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository dynamiq-ai/arcllm appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Dynamiq AI" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arcllm-sdk

Create a fully functional mini-app called 'LLM Assistant' using the Python package 'arcllm-sdk'. This app will serve as a versatile tool for users to interact with various Large Language Models (LLMs) in real-time. The primary goal of the LLM Assistant is to provide an intuitive interface where users can input queries and receive responses from different LLMs seamlessly. The app should support multiple LLMs and allow users to switch between them effortlessly.

### Features:
- **User Interface**: A simple, user-friendly interface built with Flask or Streamlit for easy interaction.
- **LLM Selection**: Users should be able to choose from a list of supported LLMs, including but not limited to GPT-3, Claude, and others.
- **Real-Time Interaction**: Provide real-time interaction capabilities so users can see responses as they type their queries.
- **History Log**: Maintain a history log of all interactions, allowing users to review past conversations easily.
- **Customization Options**: Allow users to customize settings such as model temperature, max token length, etc., to fine-tune the response style.

### Utilizing 'arcllm-sdk':
- Use 'arcllm-sdk' to connect your application to various LLMs. Ensure minimal setup time by leveraging the package's minimal dependency feature.
- Implement 'arcllm-sdk' functionalities to handle communication with LLMs efficiently, ensuring maximum performance as advertised.
- Integrate 'arcllm-sdk' to manage session states and context across different interactions, enhancing the coherence of conversations.

### Development Steps:
1. **Setup Environment**: Install necessary packages including 'arcllm-sdk', Flask/Streamlit, and any other required libraries.
2. **Design UI**: Develop a clean and interactive user interface that allows users to select LLMs and input queries.
3. **Implement Core Functionality**: Use 'arcllm-sdk' to establish connections with different LLMs and implement real-time interaction.
4. **Add Customization Options**: Include settings for users to tweak their experience based on their preferences.
5. **Test Thoroughly**: Ensure the app works smoothly with various LLMs and handles errors gracefully.
6. **Deploy**: Once tested, deploy the app using services like Heroku or AWS to make it accessible online.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.4/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue