askamerica

v0.21.4 suspicious
7.0
High Risk

Query US government data with a single line of Python

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant credential risk and moderate network/shell risks, suggesting potential vulnerabilities that could be exploited. However, there is no concrete evidence of malicious intent.

  • High credential risk due to HTTP POST requests for API keys
  • Moderate network risk from API interactions
  • Potential shell execution during installation

Per-check LLM notes
  • Network: The package makes network calls to an API endpoint for user authentication purposes, which could indicate legitimate functionality but also raises concerns about potential data exfiltration.
  • Shell: Executes commands on the system, potentially for installation or configuration purposes. This could be part of normal operation but might also suggest risky behavior if not properly documented.
  • Obfuscation: No obfuscation patterns detected in the provided snippet.
  • Credentials: The code snippet indicates a potential for credential harvesting as it prompts for a code and sends it via HTTP POST request.
  • Metadata: The maintainer's author name is missing or very short and the git repository is not found, raising suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (3.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://askamerica.ai/docs
  • Detailed PyPI description (1439 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 27 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • releases/tags/{tag}" with urllib.request.urlopen(url, timeout=15) as r: release = json.loads(
  • }%", end="", flush=True) urllib.request.urlretrieve(download_url, dest, reporthook=_progress) pr
  • t("Email: ").strip() r = requests.post(f"{API_BASE_URL}/v1/auth/request-otp", json={"email": email}
  • ter code: ").strip() r = requests.post(f"{API_BASE_URL}/v1/auth/verify-otp", json={"email": email,
  • eturn _cache["data"] r = requests.get(f"{API_BASE_URL}/v1/quota", headers={"X-API-Key": key})
  • n: askamerica login") r = requests.get(f"{API_BASE_URL}/v1/checkout", headers={"X-API-Key": key})

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ica-mcp for {system}...") subprocess.run(cmd, check=True, cwd=here) out = here / "dist" / ("aska

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • sent to {email}.") code = getpass.getpass("Enter code: ").strip() r = requests.post(f"{API_BASE_U

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: askamerica.ai

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with askamerica

Create a command-line tool called 'GovDataQuery' using Python and the 'askamerica' package. This tool should allow users to query various datasets provided by the U.S. government with ease and efficiency. The application will accept user inputs specifying the type of data they wish to retrieve (e.g., economic indicators, health statistics, education data), and then display the relevant information in a user-friendly format.

### Features:
1. **User Input Handling**: Allow users to input the type of dataset they want to query, such as 'economic', 'health', or 'education'. Additionally, let them specify more granular details like specific years or regions if available.
2. **Data Retrieval**: Utilize the 'askamerica' package to fetch the requested data from the U.S. government databases. Ensure the package is installed and imported at the beginning of your script.
3. **Output Formatting**: Display the retrieved data in a structured manner, such as tables or lists, making it easy for users to understand.
4. **Error Handling**: Implement error handling to manage cases where the user inputs invalid queries or the 'askamerica' package fails to retrieve data.
5. **Interactive Mode**: Offer an interactive mode where users can repeatedly query different types of data without restarting the application.
6. **Documentation**: Provide clear documentation on how to install the required packages ('askamerica') and run the tool.

### How to Use 'askamerica':
- Import the 'askamerica' module at the start of your script.
- Use its functions to make API calls to the U.S. government data services.
- Handle the response data appropriately, ensuring it aligns with the user's query.

Your task is to write a Python script that implements these features, ensuring the code is well-commented and follows best practices.
