authhub-rbac-sdk

v0.1.1 suspicious
5.0
Medium Risk

Official Python SDK for sub-platforms integrating with AuthHub: login and runtime authorization in one place.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some concerns regarding metadata and network usage, but lacks clear indicators of malicious activity. It's recommended to proceed with caution.

  • Suspicious non-HTTPS link
  • Lack of GitHub repository

Per-check LLM notes

  • Network: The use of HTTP/HTTPS clients is common for authenticating and authorizing requests in RBAC SDKs, suggesting legitimate network communication.
  • Shell: No shell execution patterns were detected, indicating low risk of shell command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No secret harvesting patterns detected, indicating low risk.
  • Metadata: Suspicious non-HTTPS link and lack of GitHub repository indicate potential issues, but no clear signs of typosquatting or malicious intent.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • Test runner config found: pyproject.toml
  • 4 test file(s) detected (e.g. test_client.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7537 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 52 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • self._http = client or httpx.Client( timeout=config.timeout, verify=conf
  • self._http = client or httpx.AsyncClient( timeout=config.timeout, verify=conf
  • config=authhub_config, client=httpx.Client(transport=transport)) result = client.login("alice", "s
  • config=authhub_config, client=httpx.Client(transport=transport)) outcome = client.authorize("tok",
  • config=authhub_config, client=httpx.Client(transport=transport)) me = client.me("tok") assert

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://authhub.internal:6001

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AuthHub Team" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with authhub-rbac-sdk
Build a simple Python application using the authhub-rbac-sdk package to demonstrate its core features.
