AI Analysis
The package has moderate risk due to potential author inactivity and lack of repository visibility, despite showing no direct malicious activities.
- Metadata risk score of 5 out of 10
- No significant security risks identified in other categories
Per-check LLM notes
- Network: The presence of network calls is expected if the package relies on HTTP requests to external services.
- Shell: No shell execution patterns were detected, indicating no immediate risk from this aspect.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
- Credentials: No credential harvesting patterns detected, suggesting no attempt to steal secrets.
- Metadata: The package shows signs of potential author inactivity and lack of repository visibility, raising some suspicion.
Package Quality Overall: Medium (5.6/10)
Test suite present — 3 test file(s) found
- Test runner config found: conftest.py
- Test runner config found: pyproject.toml
- 3 test file(s) detected (e.g. conftest.py)
Some documentation present
- Documentation URL: "Docs" -> https://attestd.io/docs
- Detailed PyPI description (9063 chars)
No contributing guide or governance files found
Development Status classifier >= Beta
Partial type annotation coverage
- Classifier: Typing :: Typed
- 24 type-annotated function signatures detected in source
Could not retrieve contributor data from GitHub
GitHub API error: 404
Heuristic Checks
Found 2 network call pattern(s)
- _retries self._http = httpx.Client( base_url=base_url, headers=make_hea
- _retries self._http = httpx.AsyncClient( base_url=base_url, headers=make_hea
No obfuscation patterns detected
No shell execution patterns detected
No credential harvesting patterns detected
No typosquatting candidates detected
No author email provided
All external links appear legitimate
Repository not found (deleted or private)
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a web-based security risk assessment tool using Python and the Attestd SDK. This tool will allow users to input domain names or IP addresses and receive a detailed report on potential security risks associated with these inputs. The application should have a user-friendly interface where users can enter their queries and view results in real-time. Additionally, the tool should store historical data so that users can review past assessments.

Key Features:
- User Input: Users can enter domain names or IP addresses.
- Real-Time Assessment: The application should provide immediate feedback based on the Attestd API calls.
- Detailed Reports: Display comprehensive reports including risk scores, detected vulnerabilities, and mitigation strategies.
- Historical Data Storage: Store previous assessments for each user account.
- User Accounts: Allow users to create accounts to save and manage their assessments.
- Secure Authentication: Implement secure login mechanisms to protect user data.

How to Utilize 'attestd':
- Use the 'attestd' package to make API requests for security risk assessments of the provided domain names or IP addresses.
- Integrate the package's functionality into your backend to process and analyze the returned data.
- Ensure all data handling respects privacy and security best practices.