auto-gateway

v0.1.2 suspicious
4.0
Medium Risk

Async auto-gateway with provider routing

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has moderate risks due to potential obfuscation and low maintainer activity, though no concrete evidence of malicious activities was found.

  • Moderate obfuscation risk
  • Low maintainer activity and metadata quality
Per-check LLM notes
  • Network: The presence of network calls is likely expected if the package interacts with external services.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of base64 decoding suggests some level of obfuscation, but it is not conclusive evidence of malicious intent without additional context.
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The package shows low maintainer activity and lacks essential metadata, raising concerns about its legitimacy and maintenance efforts.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 8 test file(s) found

  • Test runner config found: pyproject.toml
  • 8 test file(s) detected (e.g. test_alias_feature.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (22777 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 90 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • a_body) async with httpx.AsyncClient(timeout=timeout, headers=headers) as client: re
  • stalling async with httpx.AsyncClient(timeout=timeout, headers=headers) as client: as
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • raw_bytes = base64.b64decode(b64_data) parts.append(type
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auto-gateway 
Build a simple Python application using the auto-gateway package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!