atproto

v0.0.67 suspicious
4.0
Medium Risk

The AT Protocol SDK

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risks in terms of network, shell, and obfuscation activities, with no evident malicious behavior. However, the metadata risk due to the maintainer's limited history on PyPI warrants further scrutiny.

  • Metadata risk due to single package by maintainer
  • No clear evidence of malicious activity

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires them for functionality.
  • Shell: No shell execution detected, indicating no immediate risk from command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package on PyPI, suggesting they may be new or less active, which could indicate potential risk but lacks clear evidence of malicious intent.

📦 Package Quality Overall: Medium (5.0/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://atproto.blue
  • Detailed PyPI description (12301 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 116 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 11 unique contributor(s) across 100 commits in MarshalX/atproto
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: marshal.dev

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository MarshalX/atproto appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Ilya (Marshal)" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with atproto
Create a social media feed aggregator app using the AT Protocol SDK (Python package 'atproto'). This app will allow users to sign up, log in, and follow other users across different AT Protocol-compatible platforms. Users can view their aggregated feed of posts from followed users, like and comment on posts, and also post their own content which can then be syndicated across multiple AT Protocol platforms. 

Key Features:
- User Authentication: Implement sign-up and login functionality using atproto.
- Follow System: Allow users to follow other users from different AT Protocol networks.
- Feed Aggregation: Display a feed of posts from followed users, showing the original source platform.
- Post Creation: Enable users to create posts that get syndicated to all followed networks.
- Interaction: Users can like and comment on posts.

How to Use 'atproto':
- Utilize the atproto package to handle user authentication, such as signing up, logging in, and managing sessions.
- Use atproto to interact with different AT Protocol servers to fetch and post content.
- Implement the follow system by utilizing atproto's capabilities to manage user relationships across different networks.
- For the feed aggregation feature, leverage atproto to fetch posts from various sources and aggregate them into a single feed.
- When users create posts, use atproto to send the posts to each followed network.
