arcsecond

v3.13.0 suspicious
5.0
Medium Risk

CLI for arcsecond.io

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to its network interactions and execution of shell commands, which could potentially be exploited. However, there are no clear signs of malicious intent.

  • High shell risk due to direct execution of commands
  • Moderate network risk from HTTP requests
Per-check LLM notes
  • Network: The package uses HTTP requests to interact with an API server and handle authentication, which is common but may indicate external dependency risks.
  • Shell: Executing shell commands directly can pose significant security risks, especially if the commands are influenced by untrusted input.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author's name is missing and the account appears new or inactive, but no other suspicious activities are detected.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • Test runner config found: conftest.py
  • 5 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://docs.arcsecond.io
  • Detailed PyPI description (1375 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 71 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in arcsecond-io/cli
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ) try: response = httpx.get(api_server) except httpx.exceptions.ConnectionError as e
  • er_token(self): res = httpx.post( self.__base_url + "/tokens", header
  • earer " + token res = httpx.get(self.__base_url + "/users/" + self.__email, headers=headers)
  • user_password) res = httpx.post( self.__base_url + "/users", headers
  • isting license. res = httpx.get(self.__base_url + "/licenses?limit=1", headers=headers)
  • d-d01385cdf73e" res = httpx.post( self.__base_url + "/licenses", head
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: completed = subprocess.run( cmd, capture_output=True,
  • name): try: out = subprocess.run( ["docker", "inspect", "-f", "{{.State.Running}}
  • n None try: out = subprocess.run( [ "docker", "ex
  • return None return subprocess.run(cmd, **kwargs) def _take_safety_backup(backups_dir, dry_ru
  • wb") as out_f: proc = subprocess.Popen( [ "docker", "ex
  • continue res = subprocess.run(cmd, capture_output=True, text=True) if res.returnco
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: arcsecond.io>

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://pepy.tech/badge/arcsecond
  • Non-HTTPS external link: http://pepy.tech/project/arcsecond
Git Repository History

Repository arcsecond-io/cli appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arcsecond 
Build a simple Python application using the arcsecond package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!