asok

v0.3.1 suspicious
7.0
High Risk

A minimalist Python web framework with minimal external dependencies.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits concerning signs of potential credential misuse and data obfuscation, raising suspicion about its intent and safety.

  • High risk associated with direct access to sensitive AWS credentials
  • Use of base64 decoding suggesting possible data obfuscation

Per-check LLM notes

  • Obfuscation: The use of base64 decoding suggests some form of data obfuscation, but without context it's unclear if this is benign or malicious.
  • Credentials: Direct access to environment variables for sensitive AWS credentials and a generic 'SECRET_KEY' raises significant concerns about potential unauthorized access or leakage of secrets.
  • Metadata: The maintainer has only one package, which could indicate a new or less active account, but there are no other red flags.

📦 Package Quality Overall: Medium (5.2/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (16856 chars)

✦ High Contributing Guide 9.0

Has contribution guidelines and governance files

  • Governance file: security.py
  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 336 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 41 commits in asok-framework/asok
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • lication/json"} req = urllib.request.Request( config["token_url"], data=u
  • (10 seconds) with urllib.request.urlopen(req, timeout=10) as response: # SECU
  • } user_req = urllib.request.Request(config["user_url"], headers=user_headers) t
  • (10 seconds) with urllib.request.urlopen(user_req, timeout=10) as response: #
  • oS. """ req = urllib.request.Request( "https://api.github.com/user/emails",

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • val = base64.b64decode(val[7:]) except Exception as e:
  • f"Forbidden: eval(), exec(), __import__(), dunder methods, etc."
  • # source code in the HTML. No eval() or new Function() is used at runtime, so # unsafe-
  • f"Forbidden: eval(), exec(), __import__(), dunder methods, etc." )

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • build.css") res = subprocess.run( [bin_path, "-i", input_path, "-o", output_p
  • res = subprocess.run( [
  • fy else ''}...") result = subprocess.run(cmd, cwd=root) if result.returncode != 0: Style.
  • try: subprocess.run(cmd, check=True, capture_output=True)
  • ss") try: proc = subprocess.Popen( [bin_path, "-i", input_path, "-o", output_path,

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • iron.get("ASOK_S3_REGION") or os.environ.get( "AWS_DEFAULT_REGION" ) endpoint = os.environ.get(
  • aws_access_key_id=os.environ.get("AWS_ACCESS_KEY_ID"), aws_secret_access_key=os.enviro
  • aws_secret_access_key=os.environ.get("AWS_SECRET_ACCESS_KEY"), ) self.custom_domain =
  • gn the state secret = os.getenv("SECRET_KEY") if not secret: raise RuntimeError
  • ined above) sec_key = os.getenv("SECRET_KEY") if not sec_key: if self.config.ge
  • password: password = getpass.getpass(f" {Style.BOLD}Enter your password:{Style.RESET} ")

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: outlook.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository asok-framework/asok appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Asok Maintainers" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with asok

Create a simple weather information retrieval app using the 'asok' Python web framework. This app will allow users to enter a city name and receive the current weather conditions, including temperature, humidity, and wind speed. Here are the steps and features you need to implement:

1. Set up your development environment by installing Python and the 'asok' package.
2. Use 'asok' to create a basic web server that listens on a specific port.
3. Design a simple HTML form where users can input a city name and submit it to the server.
4. Implement a route handler in 'asok' that processes the form submission, calls a weather API (such as OpenWeatherMap) to fetch the current weather data for the requested city, and parses the response.
5. Display the weather information in a user-friendly manner on the same page as the form.
6. Add error handling to manage cases where the city name is not recognized or the API request fails.
7. Optionally, enhance the app by adding caching for recent requests to improve performance and reduce API call frequency.
8. Ensure the application is well-documented and easy to run for other developers.

This project will demonstrate how to use 'asok', a lightweight web framework, to create a functional web application that interacts with external APIs.
