artifact-scythe

v0.7.1 suspicious
4.0
Medium Risk

CLI tools for cleaning artifacts and builds

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows no immediate signs of malicious behavior with low scores in network, shell, obfuscation, and credential risks. However, the incomplete author metadata and potentially inactive account raise suspicion, warranting further investigation before use.

  • Incomplete author metadata
  • Potentially inactive author account
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communications.
  • Shell: No shell execution patterns detected, indicating the package likely does not execute system commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious activity related to secrets or credentials.
  • Metadata: The author's information is incomplete and the account seems new or inactive, raising some concerns but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • 9 test file(s) detected (e.g. test_cleaner.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (24351 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 91 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in elielMengue/scythe
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository elielMengue/scythe appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with artifact-scythe 
Create a fully-functional mini-application named 'BuildCleaner' using Python and the 'artifact-scyth'e package. This application will serve as a powerful tool for developers to manage their project builds by efficiently cleaning up unnecessary artifacts and ensuring a clean working environment.

Steps to build the application:
1. Initialize a new Python project and install the 'artifact-scythe' package.
2. Design a command-line interface (CLI) where users can interact with the 'BuildCleaner' application.
3. Implement core functionalities such as scanning a specified directory for build artifacts, identifying files and folders that can be safely deleted, and providing options to confirm or skip deletions.
4. Add advanced features like scheduling automatic clean-ups, excluding certain directories or files from being deleted, and generating logs of actions taken during each cleanup session.
5. Ensure the application is user-friendly, with clear instructions and error messages.
6. Write unit tests to validate the functionality of the 'BuildCleaner' application.
7. Package the application as a standalone executable for easy distribution.

Suggested Features:
- Interactive mode: Allow users to manually select which artifacts to delete.
- Silent mode: Automatically delete all eligible artifacts without prompting the user.
- Configuration file support: Users can specify preferences and exclusions in a configuration file.
- Integration with version control systems: Detect and exclude version-controlled files from deletion.
- Detailed logging: Record all actions performed by the 'BuildCleaner' application for auditing purposes.

How to Utilize 'artifact-scythe':
- Use 'artifact-scythe' to scan directories for build artifacts.
- Leverage its capabilities to identify and categorize files based on their type and potential impact on the project.
- Employ 'artifact-scythe' to safely remove identified artifacts, ensuring no critical project files are deleted accidentally.
- Integrate 'artifact-scythe' into your automated workflows for consistent and reliable build management.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!