arkitekt-next

v0.42.2 suspicious
5.0
Medium Risk

client for the arkitekt_next platform

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a moderate risk score due to shell execution commands and low maintenance levels. While these factors do not conclusively indicate malicious intent, they warrant closer scrutiny.

  • Shell risk due to potential system-level operations
  • Low maintenance and metadata quality
Per-check LLM notes
  • Network: No network calls were detected, which is typical for benign packages.
  • Shell: Shell execution commands detected may indicate the package performs system-level operations, which could be legitimate but also warrants further investigation to ensure no unauthorized actions are being performed.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows low maintenance and metadata quality, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (3.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3928 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 87 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • xists(pyproject): subprocess.run( ["uv", "init", "--name", identifier, "--no-
  • xt" ) subprocess.run(["uv", "add", package_spec], check=True, cwd=work_dir)
  • elative_dir) docker_run = subprocess.run(" ".join(command), shell=True, cwd=work_dir) if docker_r
  • t]: try: result = subprocess.run( ["docker", "inspect", build_id], st
  • ]: try: process = subprocess.Popen( " ".join([ "docker", "run", "-i
  • t]: try: result = subprocess.run( ["docker", "run", build_id, "arkitekt-next", "i
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arkitekt-next 
Build a simple Python application using the arkitekt-next package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!