asiai-inference-server

v0.2.0 suspicious
4.0
Medium Risk

Fleet manager for local LLM inference engines on Apple Silicon

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse due to its execution of shell commands and low activity in the git repository, raising concerns about its legitimacy and security practices.

  • High shell risk due to subprocess usage
  • Low activity and anonymous author in the git repository
Per-check LLM notes
  • Network: The network calls seem to be intended for API communications, possibly for model inference services.
  • Shell: The use of subprocess.run indicates the package may execute shell commands, which could pose a risk if not properly sanitized or controlled.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows some red flags such as an anonymous author and low activity in the git repository, but no clear evidence of typosquatting or malicious intent.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 17 test file(s) found

  • Test runner config found: pyproject.toml
  • 17 test file(s) detected (e.g. test_aisctl_broadcast.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://asiai.dev/inference-server/
  • Detailed PyPI description (3022 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 167 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 33 commits in druide67/asiai-inference-server
  • Single author but highly active (33 commits)

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ).encode() req = urllib.request.Request( f"{base}/api/generate", dat
  • try: with urllib.request.urlopen(req, timeout=120) as resp: resp.read
  • ).encode() req = urllib.request.Request( f"{base}/v1/chat/completions",
  • try: with urllib.request.urlopen(req, timeout=180) as resp: resp.read
  • s}).encode("utf-8") req = urllib.request.Request( endpoint, data=payload, met
  • cheme enforced). with urllib.request.urlopen(req, timeout=eff_timeout) as resp: raw =
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • e=args.force): proc = subprocess.run( argv, capture_output=True,
  • return 0 result = subprocess.run(cmd, check=False) return result.returncode def _instal
  • nic() try: proc = subprocess.run( argv, capture_output=True,
  • ror on failure.""" proc = subprocess.run( ["sudo", "/sbin/pfctl", "-nf", "-"], input=
  • -8") try: subprocess.run(["sudo", "/bin/mkdir", "-p", PF_ANCHORS_DIR], check=True)
  • DIR], check=True) subprocess.run(["sudo", "/bin/mv", str(tmp_path), dst], check=True)
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: free.fr>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with asiai-inference-server 
Create a Python-based mini-app called 'LLM Orchestrator' that leverages the 'asiai-inference-server' package to manage and utilize multiple local Large Language Model (LLM) inference engines running on Apple Silicon devices. This app should serve as a bridge between the user and their LLMs, allowing for seamless interaction and management of these models.

Step 1: Set up the environment by installing the 'asiai-inference-server' package and any other necessary dependencies.

Step 2: Design a command-line interface (CLI) for users to interact with the app. This CLI should allow users to:
- List all available LLM inference engines managed by the server.
- Start, stop, and restart individual LLM engines.
- Query the status of each engine (running, stopped).
- Send prompts to the selected LLM engine and receive responses.

Step 3: Implement a feature that allows users to configure settings for each LLM engine, such as adjusting response generation parameters or specifying preferred models.

Step 4: Develop a monitoring system within the app to track the performance of each LLM engine, including metrics like response time and memory usage.

Step 5: Integrate error handling to ensure the app can gracefully recover from issues like failed connections to LLM engines or unexpected errors during processing.

Throughout the development process, utilize the 'asiai-inference-server' package's core functionalities to manage the lifecycle of LLM engines and facilitate communication between the user and the models. Ensure the app is user-friendly, efficient, and capable of providing valuable insights into the operation of local LLM inference engines.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!