astraea-framework

v0.2.0 safe
4.0
Medium Risk

Open-justice RAG framework - jurisdiction-specific legal Q&A over public court decisions

🤖 AI Analysis

Final verdict: SAFE

The package appears to be legitimate with low risk indicators. While there are some concerns regarding recent repository creation and incomplete maintainer profile, no clear signs of malicious intent or supply-chain attack were identified.

  • Low network, shell, credential risks
  • Some obfuscation via eval and Lua scripts
  • Recently created repository with incomplete maintainer profile
Per-check LLM notes
  • Network: The observed network call patterns suggest legitimate HTTP requests for API interactions, which are common in many applications.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of eval with Lua script suggests some form of obfuscation or complex logic execution but is not inherently malicious.
  • Credentials: No patterns indicative of credential harvesting were found.
  • Metadata: The repository was created recently and the maintainer has an incomplete profile with only one package.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7370 chars)
◈ Medium Contributing Guide 7.0

Some contribution signals present

  • Governance file: security.py
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 123 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 90 commits in jwongso/astraea
  • Single author but highly active (90 commits)

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • : try: async with httpx.AsyncClient(timeout=3) as client: r = await client.get(f"{_L
  • : try: async with httpx.AsyncClient(timeout=10) as client: r = await client.post(
  • None: self._client = httpx.AsyncClient(base_url=_LLM_BASE_URL, timeout=120) self._system_pr
  • try: async with httpx.AsyncClient(timeout=8) as client: r = await client.post(
  • list[dict] = [] with httpx.Client(headers=_HEADERS, follow_redirects=True) as client:
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • result = await redis.eval( _LUA_ACQUIRE, 1, _GLOBAL_KEY,
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: riseup.net

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository created very recently: 6 day(s) ago (2026-06-01T11:34:10Z)

  • Repository created very recently: 6 day(s) ago (2026-06-01T11:34:10Z)
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astraea-framework 
Create a legal research assistant application using the 'astraea-framework' Python package. This application will enable users to query specific legal questions related to court decisions within their jurisdiction. The app should allow users to input a legal question or case scenario, and it will return relevant court decisions and summaries that could provide insights into similar cases. Additionally, the application should have the capability to filter results based on the type of law (e.g., criminal, civil), the time period of the decision, and the jurisdiction. Users should also be able to view the full text of the court decision directly from the app. To enhance user experience, include a feature where users can save their queries and results for future reference. The application should utilize the 'astraea-framework' package to process and retrieve information from public court databases. Your task is to design and implement this application, ensuring that it integrates seamlessly with the 'astraea-framework' package, providing accurate and useful legal information to the end-user.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!