askme-ai-cli

v0.5.0 suspicious
5.0
Medium Risk

A professional iterative CLI AI Agent powered by Ollama

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to potential misuse of network interactions and high risk from unsafe shell command execution. However, there are no signs of obfuscation or credential harvesting.

  • Moderate network risk
  • High shell risk
Per-check LLM notes
  • Network: The network calls seem to be standard API interactions but could potentially be used for unexpected purposes if misused.
  • Shell: The use of subprocess.run and Popen with 'shell=True' is risky as it can lead to command injection vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.

📦 Package Quality Overall: Low (2.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2364 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 49 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • illa/5.0'} response = requests.get(url, headers=headers, timeout=10) response.raise_for
  • ) try: response = requests.post(url, headers=headers, json=payload, timeout=30) data
  • uest( lambda: requests.post(url, headers=headers, json=payload, timeout=30)
  • uest( lambda: requests.post(url, headers=headers, json=payload, stream=True, timeout=120
  • try: r = requests.post(probe_url, headers=probe_headers, json=probe_payload, timeou
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ommand) process = subprocess.Popen( cmd_args, shell=use_shell,
  • uching the file dry = subprocess.run( ['patch', '--dry-run', '-u', '-o', '-', filepat
  • tually apply result = subprocess.run(['patch', '-u', filepath, tmp_path], capture_output=True, te
  • try: result = subprocess.run( [rg, '--line-number', '--no-heading', '--co
  • rep try: result = subprocess.run( ['grep', '-rnI', pattern, path], ca
  • "): try: result = subprocess.run(['pytest', '-v', path], capture_output=True, text=True)
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: example.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with askme-ai-cli 
Create a personalized FAQ bot using the 'askme-ai-cli' package. This mini-app will serve as a knowledge base for users, answering common questions related to a specific topic or product. The app should have the following features:

1. **User Interaction**: Allow users to input their questions through a command-line interface.
2. **Question Parsing**: Use the 'askme-ai-cli' package to parse and understand user queries effectively.
3. **Knowledge Base Integration**: Integrate a predefined set of FAQs into the system. These FAQs should cover various aspects of the topic or product.
4. **Iterative Responses**: Implement an iterative response mechanism where the bot can ask follow-up questions if it needs more information to provide an accurate answer.
5. **Learning Mechanism**: Incorporate a feature where the bot can learn from previous interactions to improve future responses.
6. **Customizability**: Make the app customizable so that it can be adapted for different topics or products by simply changing the integrated FAQs.
7. **Logging**: Keep a log of all user interactions for analysis and improvement purposes.

Utilize the 'askme-ai-cli' package to handle the natural language processing tasks, such as understanding the context of user inputs and generating appropriate responses. Ensure that the app is user-friendly and efficient, providing quick and accurate answers to user inquiries.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!