astrbot-plugin-proactive-chat

v0.1.7 suspicious
5.0
Medium Risk

AIRI-like proactive group chat plugin for AstrBot.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has legitimate purposes but shows high metadata risk due to recent rapid commits and low maintainer activity. This raises concerns about potential supply-chain attacks.

  • High metadata risk due to rapid commits and low maintainer activity.
  • Potential legitimacy undermined by suspicious metadata indicators.
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require internet access.
  • Shell: Subprocess execution may be legitimate for running scripts, but should be reviewed to ensure it does not execute unauthorized commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: Highly suspicious due to recent rapid commits and low maintainer activity.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 14 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 14 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3213 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 129 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 16 commits in yurisachan16-creator/astrbot_plugin_proactive_chat
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • trbot_runtime(): result = subprocess.run( [sys.executable, str(ROOT / "scripts" / "smoke_chec
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • All 16 commits happened within 24 hours
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "aitwo" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astrbot-plugin-proactive-chat 
Build a simple Python application using the astrbot-plugin-proactive-chat package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!