astrbot-proactive-core

v0.1.0 suspicious
4.0
Medium Risk

Shared queue and safety primitives for AstrBot proactive chat plugins.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low risks associated with network calls, obfuscation, and credential harvesting. However, there is a moderate risk due to shell execution, and high metadata risk due to low activity and potential lack of maintenance.

  • Shell risk detected, requires further investigation.
  • Repository shows signs of low activity and potential lack of maintenance.
Per-check LLM notes
  • Network: No network calls detected, which is normal and does not indicate any risk.
  • Shell: Detection of shell execution may be part of the package's functionality for running tests or other scripts, but should be reviewed for its purpose to ensure it is not being used maliciously.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious credential theft.
  • Metadata: The repository shows signs of low activity and potential lack of maintenance, raising concerns about its legitimacy and intent.

📦 Package Quality Overall: Low (4.6/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • Test runner config found: pyproject.toml
  • 4 test file(s) detected (e.g. test_errors.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (840 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 16 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 1 commits in yurisachan16-creator/astrbot_proactive_core
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • script_passes(): result = subprocess.run( [sys.executable, str(ROOT / "scripts" / "smoke_chec
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Very few commits: 1 total
  • Single contributor with only 1 commit(s) — possibly throwaway account
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author "aitwo" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astrbot-proactive-core 
Build a simple Python application using the astrbot-proactive-core package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!