AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risks particularly due to network and shell execution concerns, though the exact nature of these interactions is unclear.
- Network calls with unclear purpose
- Potential shell command execution
Per-check LLM notes
- Network: The network calls appear to be related to performance monitoring or reporting, but the lack of context around LINEAR_URL and the specific endpoints queried raises some concern.
- Shell: The use of git commands suggests version control operations which can be benign, but direct shell command execution can pose risks if not properly sanitized or restricted.
- Obfuscation: The usage of eval with Lua scripts is likely for functional purposes rather than obfuscation.
- Credentials: Environment variable retrieval could be for configuration but lacks context to determine if it's securely handled.
- Metadata: The author information is incomplete and the maintainer has a single package, which could indicate a less established or potentially suspicious account.
Package Quality Overall: Medium (7.0/10)
β¦ High
Test Suite
9.0
Test suite present β 6 test file(s) found
Test runner config found: pyproject.toml6 test file(s) detected (e.g. test_check_allowlist.py)
β Medium
Documentation
7.0
Some documentation present
Documentation URL: "Documentation" -> https://github.com/atlanhq/application-sdk/README.mdDetailed PyPI description (3866 chars)
β Low
Contributing Guide
4.0
No contributing guide or governance files found
Development Status classifier >= Beta
β Medium
Type Annotations
5.0
Partial type annotation coverage
306 type-annotated function signatures detected in source
β¦ High
Multiple Contributors
10.0
Active multi-contributor project
22 unique contributor(s) across 100 commits in atlanhq/application-sdkActive community β 5 or more distinct contributors
Heuristic Checks
Outbound Network Calls
score 9.0
Found 6 network call pattern(s)
s}).encode("utf-8") req = urllib.request.Request( LINEAR_URL, data=body, head, ) try: with urllib.request.urlopen(req, timeout=30) as resp: payload = json.cpu", actual=requests.get("cpu"), expected=f"<= 7 cores ({MAX_VPA_CPU_mory", actual=requests.get("memory"), expected="<= 27Gi",.cpu", actual=requests.get("cpu"), expected=f"<= vpa.maxAllowed.cpu ({vmory", actual=requests.get("memory"), expected=f"<= vpa.maxAllowed.memo
Code Obfuscation
score 4.0
Found 2 obfuscation pattern(s)
result = self.redis_client.eval( _LOCK_RELEASE_LUA_SCRIPT, 1, resource_id, oult = await self.redis_client.eval( _LOCK_RELEASE_LUA_SCRIPT, 1, resource_id, o
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
ication_sdk/.""" result = subprocess.run( ["git", "log", "-1", "--format=%H", "--", "applicathe given SHA.""" result = subprocess.run( ["git", "log", "-1", "--format=%cI", sha],un(cmd, **kwargs): return subprocess.check_output(cmd, text=True, **kwargs).strip() def _set_output(key, valts(tag): return ( subprocess.run( ["git", "rev-parse", "--verify", tag], capture_ts=0 HEAD" last_tag = subprocess.check_output(last_tag_cmd, shell=True).decode().strip() logging.imat:%s%n%b" commits = subprocess.check_output(cmd, shell=True).decode().strip().split("\n") # Filt
Credential Harvesting
score 5.0
Found 2 credential access pattern(s)
t in DAPR SECRET_STORE_NAME = os.getenv("SECRET_STORE_NAME", "secretstore") #: Name of the deployment objecssion Name AWS_SESSION_NAME = os.getenv("AWS_SESSION_NAME", "temp-session") # Log batching configuration
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: atlan.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository atlanhq/application-sdk appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with atlan-application-sdk
Your task is to develop a fully functional mini-application using the Atlan Application SDK for Python. This application will serve as a simple data management tool that allows users to upload, organize, and query metadata about their datasets. Hereβs a detailed breakdown of the steps and features you need to implement: 1. **Setup**: Start by installing the Atlan Application SDK via pip and importing necessary modules from the package. 2. **Authentication**: Implement user authentication to secure access to the application. Users should be able to sign up and log in. 3. **Data Upload**: Create a feature where users can upload CSV files containing dataset metadata (e.g., name, description, tags). The application should validate the uploaded file format and content before processing. 4. **Metadata Management**: Allow users to view, edit, and delete metadata entries for their datasets. Each entry should include fields such as dataset name, description, creation date, and tags. 5. **Querying Metadata**: Develop a search functionality where users can query datasets based on various criteria (e.g., tags, date range). 6. **Visualization**: Integrate basic visualization tools to display trends and patterns in the dataset metadata over time. 7. **Notifications**: Set up a notification system that alerts users when specific events occur (e.g., new dataset added, updates made to existing datasets). 8. **Documentation**: Provide comprehensive documentation detailing how to use the application, including setup instructions, API endpoints, and example usage scenarios. Throughout the development process, ensure you leverage the core functionalities provided by the Atlan Application SDK to streamline your implementation. Pay special attention to best practices in software engineering, such as modular code structure, error handling, and testing.
π¬ Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue