auditai-sdk

v0.2.6 suspicious
5.0
Medium Risk

EU AI Act Compliance + AI Monitoring SDK — wrap Claude/GPT, track cost & latency, generate Art. 26 reports

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to network and shell execution vulnerabilities, which could potentially be exploited. However, there's no evidence of obfuscation or credential misuse.

  • Moderate network risk due to urllib usage
  • Significant shell risk from subprocess calls
Per-check LLM notes
  • Network: The use of urllib to make network requests is common but could be a vector for data exfiltration if not properly secured.
  • Shell: Executing external commands via subprocess can pose significant risks if not controlled properly, potentially allowing for arbitrary code execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of sensitive information.
  • Metadata: The package shows signs of potential inactivity or newness with an author having minimal information and a low presence in the repository.

📦 Package Quality Overall: Low (4.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_core.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2719 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 28 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 16 commits in marcduboistech-eng/auditai
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • " upstream_req = urllib.request.Request( upstream_url, data=raw_body, header
  • try: with urllib.request.urlopen(upstream_req, timeout=120) as resp:
  • try: req = urllib.request.Request(upstream_url, headers=upstream_headers)
  • headers) with urllib.request.urlopen(req, timeout=30) as resp: raw =
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • e__), "dashboard.py") subprocess.run([ sys.executable, "-m", "streamlit", "run", _das
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auditai-sdk 
Create a mini-application called 'AI Monitor Pro' that leverages the 'auditai-sdk' package to ensure compliance with the EU AI Act while providing developers with real-time monitoring capabilities for their AI services. This application will integrate with popular AI models like Claude and GPT to offer a suite of features designed to streamline compliance processes and enhance operational efficiency.

Step-by-Step Application Requirements:
1. Integration Setup: Begin by setting up the integration between 'AI Monitor Pro' and the 'auditai-sdk'. Ensure that the application can authenticate and connect to AI models like Claude and GPT using the SDK.
2. Real-Time Cost Tracking: Implement a feature that monitors and tracks the costs associated with running AI models in real-time. This should include breaking down costs per request and displaying them in a user-friendly dashboard.
3. Latency Measurement: Add functionality to measure the latency of each AI model request. Display these measurements alongside the cost tracking information to give users insight into performance metrics.
4. Compliance Reporting: Utilize the 'auditai-sdk' to automatically generate Article 26 compliance reports. These reports should detail the usage of AI models over a specified period and include relevant data points as required by the EU AI Act.
5. User Interface: Design a clean, intuitive UI that allows users to easily access all features. Include options to view cost and latency data, manage API keys, and download compliance reports.

Suggested Features:
- Customizable alert system for high-cost or high-latency requests.
- Historical data analysis tools to identify trends and optimize AI usage.
- Support for multiple AI models through the 'auditai-sdk'.
- Export functionality for compliance reports in various formats (PDF, CSV).

How to Use 'auditai-sdk':
- For authentication and connection setup, utilize the SDK's built-in methods to securely handle API keys and other sensitive information.
- To track costs and latency, leverage the SDK's monitoring APIs which provide detailed insights into each request made to AI models.
- For generating compliance reports, use the SDK's reporting tools which automatically compile necessary data according to EU AI Act guidelines.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!