Package Metadata

Author: —
Email: Ascend AI <[email protected]>
PyPI: ascend-ai-sdk
Python: >=3.8
Versions: 18 releases
First release: 16 Dec 2025, 20:22 UTC
Analysed: 07 Jun 2026, 13:16 UTC
Source files: 31 .py files scanned

Project Links

Changelog Documentation Homepage Repository

Classifiers

Development Status :: 5 - Production/StableIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.8Programming Language :: Python :: 3.9Topic :: Scientific/Engineering :: Artificial Intelligence

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple red flags including high risks associated with shell execution and credential management, suggesting potential vulnerabilities or malicious intent.

High shell risk due to direct execution
Unsafe credential handling through eval calls

Per-check LLM notes

Network: The network call pattern indicates the package might use HTTP requests for retries, which is common for SDKs but should be reviewed for secure handling of credentials.
Shell: Executing shell commands directly poses significant risks, including potential unauthorized access and command injection vulnerabilities.
Obfuscation: The use of custom eval functions and multi-layer security suggests an attempt to bypass security measures, indicating potential malicious obfuscation.
Credentials: The presence of unsafe eval calls that could read system files indicates a high risk for credential harvesting or other unauthorized access.
Metadata: The package shows signs of being potentially new or less active, with an author lacking a full name and minimal engagement on the Git repository.

📦 Package Quality Overall: Medium (6.0/10)

✦ High Test Suite 9.0

Test suite present — 17 test file(s) found

Test runner config found: pyproject.toml
17 test file(s) detected (e.g. test_bug16_classB_failmode_closed.py)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://docs.ascendowkai.com/sdk/python
Detailed PyPI description (4519 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

158 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 5.0

Limited contributor diversity

1 unique contributor(s) across 32 commits in Amplify-Cost/ascend-sdk-python
Single author but highly active (32 commits)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

logic self._session = requests.Session() retry_strategy = Retry( total=max_retr

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

natives to Python's dangerous eval() and exec() with multi-layer security: Layer 1: Local AST
) result = evaluator.eval("sum([1, 2, 3])") Compliance: CWE-94, CWE-95, MITRE T1059.0
seconds}s" ) def eval( self, code: str, context: Optional[
ds): result = eval(code, restricted_globals, {}) logger.debug(f"DE
Same exceptions as eval() """ # Step 0: Length check if len(
""" return [self.eval(expr, context) for expr in expressions] def analyze(sel

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

mport subprocess result = subprocess.run(["ls", "-la"]) # Dynamic code wrapper from ascend.w
mport subprocess result = subprocess.run(["ls", "-la"]) # Option 2: Explicit governance from
h") def deploy(): subprocess.run(["./deploy.sh"]) Compliance: CWE-78, CWE-77, MITRE T1059.00
Process: """ Governed subprocess.run() replacement. Same API as subprocess.run() with added
replacement. Same API as subprocess.run() with added governance checks. Raises: Governa
-> int: """ Governed subprocess.call() replacement. """ _check_governance(args, shell=she

⚠ Credential Harvesting score 5.0

Found 2 credential access pattern(s)

safe_eval("open('/etc/passwd').read()") def test_safe_eval_allows_pure_arithmetic(s
result = analyze_code("open('/etc/passwd')") assert result.has_dangerous_constructs

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: ow-kai.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Repository has zero stars and zero forks

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ascend-ai-sdk

Create a mini-application called 'AI Compliance Checker' using the Python package 'ascend-ai-sdk'. This tool will help users manage their AI projects by ensuring they comply with various regulatory standards and best practices. Here’s a detailed step-by-step guide on how to build this application:

1. **Setup Environment**: Begin by setting up your Python environment. Install the 'ascend-ai-sdk' package via pip and ensure all necessary dependencies are installed.
2. **User Interface**: Design a simple yet intuitive command-line interface (CLI) where users can input details about their AI projects such as project name, type of AI model used, data sources, etc.
3. **Compliance Checks**: Utilize the 'ascend-ai-sdk' to perform compliance checks based on user inputs. The SDK allows you to integrate with the Ascend AI Governance Platform which provides comprehensive guidelines and checks for different industries (e.g., healthcare, finance).
4. **Generate Reports**: Once the compliance checks are done, generate a report summarizing the results. Include recommendations for improving compliance if any issues are found.
5. **Save and Export Data**: Allow users to save the compliance check results and reports locally or export them to a cloud storage service like AWS S3.
6. **Security Measures**: Implement basic security measures to protect sensitive information stored during the compliance process.

Suggested Features:
- Integration with multiple cloud services for data export.
- Option to schedule regular compliance checks.
- Detailed documentation and user guides.
- Support for multiple languages.

How 'ascend-ai-sdk' is utilized:
- To interact with the Ascend AI Governance Platform API for performing compliance checks.
- To fetch and apply industry-specific compliance standards.
- To securely handle user data and project information.