audrey-memory

v1.0.3 suspicious
6.0
Medium Risk

Typed Python client for the Audrey LLM memory server

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to high shell execution risk and potential external service interaction, despite lacking clear signs of malicious intent or credential theft.

  • High shell risk due to Popen usage
  • Potential external service interaction

Per-check LLM notes

  • Network: The network calls appear to be for health checks and might be part of the intended functionality, but could indicate external service interaction.
  • Shell: Launching an external process via Popen is risky and may indicate unexpected behavior or potential for executing arbitrary code.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: A suspicious non-HTTPS link and a new maintainer with only one package increase suspicion, but there are no clear typosquatting or other severe flags.

📦 Package Quality Overall: Medium (6.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_client.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1552 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 35 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in Evilander/Audrey
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • None: self._client = httpx.Client( base_url=base_url.rstrip("/"), time
  • None: self._client = httpx.AsyncClient( base_url=base_url.rstrip("/"), time
  • y: response = httpx.get( f"{cls.base_url}/health",

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ) cls.process = subprocess.Popen( ["node", "dist/mcp-server/index.js", "serve"],

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:7437

Git Repository History

Repository Evilander/Audrey appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "evilander" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with audrey-memory

Create a conversational history tracker application using the 'audrey-memory' Python package. This application will allow users to have conversations with an AI assistant and keep track of their interaction history, ensuring continuity in context and personalization across sessions. The application should support the following functionalities:

1. **User Authentication**: Users should be able to sign up and log in to their accounts to maintain personalized conversation histories.
2. **Conversation Tracking**: Track each user's conversation with the AI assistant, storing messages and responses in a structured format.
3. **Contextual Continuity**: Ensure that when a user resumes a conversation after a break, the AI assistant has access to the previous context, allowing for more natural and coherent interactions.
4. **History Review**: Provide a feature where users can review their past conversations, search through them, and filter based on date or keywords.
5. **Privacy Settings**: Allow users to manage who can view their conversation history, including options to share specific conversations or hide them entirely.
6. **Data Export**: Enable users to export their conversation history in various formats (e.g., CSV, JSON).
7. **AI Feedback Loop**: Implement a feedback system where users can rate the relevance and helpfulness of the AI's responses, which can then be used to improve future interactions.

The 'audrey-memory' package will be crucial in managing the storage and retrieval of conversation data. Specifically, it will handle the typed client-server communication with the Audrey LLM memory server, ensuring that all conversation data is stored securely and efficiently. Use the package's capabilities to integrate real-time data handling, allowing for seamless updates as new messages are exchanged. Additionally, leverage the package's typing support to enhance code readability and maintainability.
