autoclaude-cli

v2.8.5 suspicious
6.0
Medium Risk

Local runner for AutoClaude. Executes orchestration plans with your Claude Max/Pro subscription.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk profile due to its attempt to access sensitive system files and the execution of subprocess commands, which could lead to potential unauthorized actions.

  • High credential risk due to attempts to access sensitive system files
  • Shell risk due to execution of subprocess commands

Per-check LLM notes

  • Network: Network calls to external URLs may indicate legitimate API interactions but should be reviewed for unexpected destinations.
  • Shell: Execution of subprocess commands can pose risks if not properly sanitized, especially if input is taken from untrusted sources.
  • Obfuscation: No signs of obfuscation techniques being used.
  • Credentials: The attempts to access '/etc/passwd' and '../etc/passwd' suggest potential unauthorized access to sensitive files, indicating high risk for credential harvesting.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 27 test file(s) found

  • Test runner config found: conftest.py
  • 27 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5009 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 608 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in grezy-software/autoclaude-cli
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • r(msg) self._client = httpx.Client( base_url=profile.url.rstrip("/"), t
  • .close() client._client = httpx.Client( base_url=client._profile.url.rstrip("/"), t
  • Transport(handler) return httpx.Client(base_url="http://test", transport=transport) def test_doc_

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • """ try: result = subprocess.run(argv, check=False, capture_output=True, text=True, timeout=6
  • depend on the parent's ``subprocess.Popen(env=...)`` propagation. ``--preserve-environment`` keeps
  • rchive_lock = None proc = subprocess.Popen( argv, cwd=str(cwd), stdout=subproce
  • s(KeyboardInterrupt): subprocess.run(cmd, check=False) @app.command() def restart() -> None:
  • letedProcess[str]: return subprocess.run( ["systemctl", "--user", *args], check=False
  • ls watcher)...") result = subprocess.run( [apt, "install", "-y", "inotify-tools"], ch

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • storage.resolve_safe("../etc/passwd") def test_resolve_safe_rejects_absolute(tmp_path: Path)
  • storage.resolve_safe("/etc/passwd") def test_resolve_safe_allows_nested(tmp_path: Path) ->

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository grezy-software/autoclaude-cli appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Grezy Software" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autoclaude-cli
Create a Python-based utility called 'AutoTaskMaster' that leverages the 'autoclaude-cli' package to automate the execution of tasks based on predefined orchestration plans. This utility will allow users to define complex workflows that can include multiple steps, each utilizing different AI capabilities provided by the Claude platform. Here are the key functionalities you need to implement:

1. **User Interface**: Develop a simple CLI interface where users can input their orchestration plans. Each plan should be a JSON file that specifies the sequence of tasks, the parameters for each task, and any conditions that dictate the flow between tasks.
2. **Plan Execution**: Utilize 'autoclaude-cli' to execute these plans locally. Ensure that the utility can handle different types of tasks, such as text generation, data analysis, and decision-making processes, all orchestrated through the Claude platform.
3. **Logging and Monitoring**: Implement logging to track the progress and outcomes of each task within the plan. Users should be able to review logs to understand the execution history and troubleshoot any issues.
4. **Error Handling**: Include robust error handling to manage scenarios where a task fails. The utility should be able to log errors, notify the user via email or SMS about failures, and optionally retry failed tasks based on user-defined parameters.
5. **Customizability**: Allow users to customize the behavior of tasks by adding custom scripts or functions that integrate with the Claude API. These customizations could enhance the functionality of standard tasks or introduce entirely new ones.
6. **Security Measures**: Since the utility will interact with sensitive data and APIs, ensure it includes security measures such as secure storage of API keys, encryption of sensitive information, and validation of inputs to prevent injection attacks.
7. **Documentation**: Provide comprehensive documentation that guides users through setting up the utility, writing orchestration plans, and troubleshooting common issues. Include examples of various use cases and sample plans to demonstrate the utility's versatility.

This project aims to showcase the power of 'autoclaude-cli' in streamlining complex workflows and integrating AI-driven automation into everyday tasks.
