aru-code

v0.61.0 suspicious
5.0
Medium Risk

A Claude Code clone built with Agno agents

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse due to shell execution capabilities, though the lack of obfuscation and credential harvesting reduces immediate concerns. The maintainer's metadata is incomplete, adding a layer of uncertainty.

  • Shell risk due to subprocess usage
  • Incomplete maintainer metadata
Per-check LLM notes
  • Network: The use of urllib and httpx suggests the package may be performing network requests, which could be benign if it's part of its intended functionality.
  • Shell: The execution of commands via subprocess indicates potential risks as it can be misused to execute arbitrary commands on the user's system.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer's author name is missing and they appear to be new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (27895 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 467 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in estevaofon/aru
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • a).encode("ascii") req = urllib.request.Request( url, data=body, method="
  • ) try: with urllib.request.urlopen(req, timeout=timeout) as resp: raw = re
  • t httpx with httpx.Client(timeout=URL_FETCH_TIMEOUT, follow_redirects=True) as client:
  • th() async_http_client = httpx.AsyncClient( auth=auth, timeout=httpx.Timeout(120.0, c
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: process = subprocess.Popen( command, shell=True,
  • ) -> None: try: subprocess.run( ["git", "--version"], capture_out
  • str(target)]) result = subprocess.run(cmd, capture_output=True, text=True, timeout=120) if re
  • git_available() result = subprocess.run( ["git", "-C", str(target), "pull", "--ff-only"],
  • self._cached_git_status = subprocess.run( ["git", "status", "-s"], capture_output=Tr
  • command, shell=True, stdout=subprocess.PIPE, stderr=s
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository estevaofon/aru appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aru-code 
Create a fully functional code playground mini-app using the 'aru-code' package, which is a clone of Claude Code built with Agno agents. This app will allow users to write, run, and share simple code snippets in various programming languages directly within their browser. Here are the steps and features you need to implement:

1. **Setup**: Start by installing the 'aru-code' package and setting up your development environment. Ensure you have Python installed and create a virtual environment for this project.
2. **User Interface**: Design a clean and user-friendly interface where users can input their code. Include syntax highlighting and line numbering for better readability.
3. **Code Execution**: Implement a feature that allows users to execute their code snippets. Use the 'aru-code' package to manage the execution process, ensuring it supports multiple programming languages like Python, JavaScript, and Ruby.
4. **Output Display**: After execution, display the output of the code in a separate section of the UI. Handle errors gracefully and provide meaningful error messages.
5. **Sharing Feature**: Allow users to save and share their code snippets. They should be able to generate a unique URL that others can use to view and run the same code.
6. **Dark Mode Toggle**: Add a toggle option for dark mode to cater to different user preferences.
7. **Language Selector**: Provide a dropdown menu to select the language for the code snippet before execution.
8. **Documentation**: Write a README file explaining how to install, use, and contribute to the project. Include examples of how to use the app effectively.

Utilize the 'aru-code' package throughout the development process, leveraging its capabilities to streamline the code execution and management functionalities. Ensure the final product is robust, scalable, and easy to use.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!