atv-paperboard

v0.1.4 suspicious
6.0
Medium Risk

Cross-harness HTML artifact toolkit for AI coding agents. Native plugins for Claude Code, Codex CLI, and GitHub Copilot CLI + GitHub Actions recipe for the Copilot Coding Agent. Enforce, render, persist, compound.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks associated with network requests and shell command execution, which could potentially be exploited for malicious purposes. However, there are no clear signs of obfuscation, credential harvesting, or other typical malicious behaviors.

  • High network risk due to communication with npmjs.org
  • High shell risk due to execution of external commands
Per-check LLM notes
  • Network: Making network requests to npmjs.org is unusual and may indicate unexpected behavior or an attempt to communicate with external services.
  • Shell: Executing shell commands and capturing their output suggests potential for executing arbitrary code, which could be indicative of malicious intent.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 16 test file(s) found

  • Test runner config found: pyproject.toml
  • 16 test file(s) detected (e.g. test_adapter_claude_code.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (23257 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 107 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 49 commits in All-The-Vibes/ATV-PaperBoard
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • a: PLC0415 req = urllib.request.Request( "https://registry.npmjs.org/@google
  • ) with urllib.request.urlopen(req, timeout=3) as resp: # noqa: S310
  • st # noqa: PLC0415 with urllib.request.urlopen(url, timeout=10) as resp: # noqa: S310 cont
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ry: global_root = subprocess.run( [npm_exe, "root", "-g"], ca
  • bin_js] + args result = subprocess.run( cmd, capture_output=True, text=True
  • resolve_binary() result = subprocess.run( [node_exe, bin_js, "--version"], capture_ou
  • n try: node_ver = subprocess.check_output( ["node", "--version"], text=True, stderr=subpro
  • import subprocess proc = subprocess.run( [sys.executable, "-m", "core.cli", "schema", "--lis
  • th.name}", ] result = subprocess.run(cmd, capture_output=True, timeout=120) assert png.exists
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository All-The-Vibes/ATV-PaperBoard appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "All The Vibes" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with atv-paperboard 
Create a mini-application named 'AI_CodeWorkbench' using the Python package 'atv-paperboard'. This application will serve as a versatile platform for developers to manage their code artifacts across different AI coding assistants like Claude Code, Codex CLI, and GitHub Copilot. The goal is to streamline the process of generating, rendering, persisting, and compounding code snippets and artifacts through these tools.

Key Features:
1. Artifact Generation: Users can input a problem statement or code snippet requirement, and the app will use 'atv-paperboard' to generate suitable artifacts using Claude Code, Codex CLI, and GitHub Copilot.
2. Artifact Rendering: Once artifacts are generated, they can be rendered into human-readable formats such as HTML or Markdown files, allowing users to easily review and understand the generated content.
3. Artifact Persistence: Users should have the ability to save their artifacts locally or in cloud storage, ensuring that their work is not lost and can be accessed later.
4. Compound Artifacts: The application should allow users to combine multiple artifacts into a single cohesive unit, enhancing the functionality of individual snippets.
5. Integration with GitHub: Utilize GitHub Actions recipes provided by 'atv-paperboard' to automatically run the AI coding agents when specific events occur in a GitHub repository, such as a pull request being opened or a new branch being created.

How 'atv-paperboard' is Utilized:
- Use 'atv-paperboard' to enforce standards and best practices for artifact generation across different AI coding assistants.
- Leverage the native plugins for Claude Code, Codex CLI, and GitHub Copilot CLI to ensure seamless integration and usage within the application.
- Implement the GitHub Actions recipe to automate the workflow, making it easier for developers to integrate AI-generated code artifacts directly into their development processes.

Your task is to design and implement the 'AI_CodeWorkbench' application, ensuring it adheres to the outlined features and effectively utilizes 'atv-paperboard' to provide a robust solution for managing code artifacts.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!