assert-ai

v0.1.0 suspicious
7.0
High Risk

YAML-driven safety evaluation pipeline with LiteLLM-backed stages

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential risk due to attempts to access sensitive files. While network and shell risks are low, the presence of such behavior raises concerns about potential malicious intent.

  • High credential risk
  • Attempts to access sensitive files
Per-check LLM notes
  • Network: The use of socket connections and aiohttp sessions might be legitimate if the package is designed to communicate with external services or localhost for its functionality.
  • Shell: No shell execution patterns detected, which is normal and indicates no direct system command execution risk.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code snippet suggests an attempt to access sensitive files like '/etc/passwd', indicating potential credential harvesting.

📦 Package Quality Overall: High (8.0/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • 13 test file(s) detected (e.g. test_case_labeling.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/responsibleai/ASSERT#readme
  • Detailed PyPI description (6189 chars)
✦ High Contributing Guide 9.0

Has contribution guidelines and governance files

  • Governance file: security.py
  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 615 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 12 unique contributor(s) across 100 commits in responsibleai/ASSERT
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • try: with socket.create_connection(("localhost", port), timeout=0.1): log.i
  • r 60) self._session = aiohttp.ClientSession(timeout=timeout) async def close(self) -> None:
✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • ve_ref_path(suite_root, "../../etc/passwd")) self.assertIsNone(_resolve_ref_path(suite_ro
✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository responsibleai/ASSERT appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "Microsoft Responsible AI" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with assert-ai
Create a mini-application named 'SafetyGuard' that leverages the 'assert-ai' package to evaluate the safety of user-provided text inputs based on predefined safety criteria. The application should be designed as a command-line tool but also include a simple web interface using Flask. Here’s a detailed breakdown of what the application should do:

1. **Setup**: Ensure your environment has Python installed, and install the 'assert-ai' package along with Flask for the web interface.
2. **Configuration**: Allow users to define their own safety criteria through a YAML configuration file. This file will specify different stages of evaluation, each potentially utilizing different models from LiteLLM.
3. **Evaluation Pipeline**: Implement a pipeline where the 'assert-ai' package processes the input text through these stages, checking against the defined criteria. Each stage should output its findings.
4. **Results Presentation**: Provide both a CLI output and a web interface that displays the results of the safety evaluation. The web interface should be interactive, allowing users to input text and see real-time feedback.
5. **Logging**: Include logging capabilities to keep track of all evaluations performed, which can be useful for auditing purposes.
6. **User Interface**: For the web interface, design it to be user-friendly, with clear sections for inputting text and viewing results. Ensure it supports multiple languages for broader accessibility.
7. **Testing**: Write tests to ensure that the application works correctly across different configurations and input types.

**Features to Consider**:
- Support for dynamic addition/removal of evaluation stages via the YAML config.
- Integration with at least two different models from LiteLLM for comparison purposes.
- Option for users to set thresholds for what constitutes 'safe' content.
- Detailed reporting on why certain text was flagged as unsafe, including specific model outputs.
- Ability to handle large volumes of text efficiently.

Utilize the 'assert-ai' package by configuring it according to your YAML settings and invoking its pipeline methods to process texts through the specified stages. Make sure to document how each part of the application interacts with 'assert-ai', especially regarding error handling and data flow between stages.
