auto-round-hpu

v0.13.0 suspicious
6.0
Medium Risk

Repository of AutoRound: Advanced Weight-Only Quantization Algorithm for LLMs

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is flagged due to its obfuscated code and the unusual spacing, along with the use of eval(). Additionally, the maintainer's single package and the presence of a non-HTTPS link contribute to a higher risk profile.

  • Significant obfuscation techniques used
  • Usage of eval() function
  • Maintainer has only one package on PyPI
  • Non-HTTPS link provided

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution appears to be for version control operations, not indicative of malicious activity.
  • Obfuscation: The code shows signs of obfuscation with unusual spacing and usage of eval(), which could indicate an attempt to hide malicious intent.
  • Credentials: No patterns indicative of credential harvesting were detected.
  • Metadata: The package has a non-HTTPS link and the maintainer has only one package on PyPI, which could indicate a less experienced or potentially suspicious maintainer.

📦 Package Quality Overall: Low (4.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (21418 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 256 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 18 unique contributor(s) across 100 commits in intel/auto-round
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • , ) else: eval(args) def run(): if "list" in sys.argv or "--list" in
  • ) -> None: self.model.eval() # Keep rotation matrices on the model — they are
  • .deepcopy(model) original.eval() for p in original.parameters(): p.requires_gra
  • thogonality(model) model.eval() return TrainingResult( loss_history=loss_hist
  • return {} self.model.eval() device = next(self.model.parameters()).device
  • ty_cache() self.model.eval() def _trigger_event(self, event_name: str, **kwargs) -

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • (): try: result = subprocess.run( ["git", "describe", "--exact-match", "--tags"],
  • n__ try: result = subprocess.run(["git", "describe", "--tags"], capture_output=True, text=Tru

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: intel.com

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://arxiv.org/abs/2512.04746

Git Repository History

Repository intel/auto-round appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Intel AIPT Team" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auto-round-hpu
Develop a mini-application that leverages the 'auto-round-hpu' package to demonstrate advanced weight-only quantization on a pre-trained language model. This application will serve as a tool for researchers and developers interested in optimizing their models for deployment on hardware with limited precision capabilities. The application should include the following functionalities:

1. **Model Selection**: Allow users to select from a predefined list of popular pre-trained language models such as BERT, GPT, or T5.
2. **Quantization Configuration**: Provide options for users to configure the quantization process, including specifying the bit-width for weights (e.g., 4-bit, 8-bit).
3. **Performance Metrics**: After applying quantization, the application should compare the performance metrics (such as perplexity, accuracy, or F1 score) of the original model versus the quantized version on a set of test data.
4. **Visualization**: Implement visualizations to show the differences between the original and quantized models' outputs on sample inputs.
5. **Export Functionality**: Enable users to export the quantized model to common formats like ONNX or TensorFlow SavedModel for further use.

The 'auto-round-hpu' package is utilized during the quantization step where its advanced weight-only quantization algorithm is applied to the selected model. Users should be able to see the benefits of using this method over traditional quantization techniques through the performance metrics and visual comparisons provided by the application.
