autodev-x

v0.1.0a6 suspicious
8.0
High Risk

AI-driven software factory: CrewAI + Codex CLI + Claude Code CLI with multi-CLI router, A2A roundtable, MCP server, scale-adaptive delivery from brief to release-ready project.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks associated with shell commands, obfuscation techniques, and network behavior, indicating potential malicious activities. While there's no concrete evidence of direct credential theft, the overall pattern is concerning.

  • High shell risk due to unsafe usage of os.system and subprocess.run
  • Significant obfuscation risk from the use of eval() and exec()

Per-check LLM notes

  • Network: Network calls indicate custom handling of connections and potential suppression of redirects, which may be unusual and warrant further investigation.
  • Shell: Direct use of os.system and subprocess.run poses significant risks of command injection and unauthorized execution, suggesting potential malicious intent.
  • Obfuscation: The presence of 'eval()' and 'exec()' indicates potential for code injection, suggesting malicious intent unless proven otherwise.
  • Credentials: No clear evidence of direct credential harvesting, but suspicious patterns may indicate indirect methods or misuse of environmental variables.
  • Metadata: Suspicious due to rapid commit history and non-secure external link.

📦 Package Quality Overall: Medium (6.2/10)

✦ High: Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. pyproject.toml)

◈ Medium: Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/merchloubna70-dot/autodev-x/blob/main/REA
  • Detailed PyPI description (11442 chars)

○ Low: Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium: Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 364 type-annotated function signatures detected in source

◈ Medium: Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in merchloubna70-dot/autodev-x
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • rt validation. sock = socket.create_connection( (self.host, self.port), timeout=sel
  • request still flows through ``urllib.request.OpenerDirector.open`` — only the connection target (IP)
  • -- class _NoRedirectHandler(urllib.request.HTTPRedirectHandler): """Suppress automatic redirect fol
  • e) class _PinnedHTTPHandler(urllib.request.HTTPHandler): """urllib HTTPHandler that directs connect
  • HTTPConnection], req: urllib.request.Request, **http_conn_args: Any, ) -> Any:
  • ] class _PinnedHTTPSHandler(urllib.request.HTTPSHandler): """urllib HTTPSHandler that directs TLS c

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • on", Severity.BLOCKER), ("eval(", False, "injection", "eval() — code injection risk",
  • (", False, "injection", "eval() — code injection risk", Severity.BLOCKER), ("exec(", F
  • =endpoint, auth_token=__import__("os").environ.get("AUTODEV_A2A_TOKEN"), ) card = transpor

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • risk", Severity.MAJOR), ("os.system(", False, "injection", "os.system() — shell injection r
  • (", False, "injection", "os.system() — shell injection risk", Severity.MAJOR), # Dangerous
  • ).""" try: proc = subprocess.run( cmd, cwd=str(cwd), capt
  • try: proc = subprocess.run( cmd, cwd=str(repo),
  • try: self._proc = subprocess.Popen( argv, stdin=subprocess.PIPE
  • try: proc = subprocess.run( argv, env=os.environ.copy()

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8421

Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • All 100 commits happened within 24 hours

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Software Factory" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autodev-x
Create a fully-functional mini-application called 'AutoDevHelper' using the 'autodev-x' package. This application will serve as a personal development assistant, automating common tasks and providing intelligent suggestions based on your project needs. The goal is to streamline the development process by integrating AI-driven tools and services provided by 'autodev-x'. Here's a detailed breakdown of what the application should do:

1. **Project Setup**: Automatically set up a new project based on user input, such as project type, programming language, and desired features.
2. **Task Automation**: Automate repetitive tasks like code formatting, linting, testing, and documentation generation.
3. **Code Suggestions**: Provide intelligent code suggestions and refactorings based on the current context of the project.
4. **Dependency Management**: Automatically manage dependencies by fetching the latest versions and ensuring compatibility.
5. **Feedback Loop**: Implement a feedback loop where the application learns from the user's interactions and preferences over time, improving its suggestions and automation processes.

To achieve these functionalities, utilize the following core features of the 'autodev-x' package:
- Multi-CLI Router: Use this to integrate multiple command-line interfaces into a single, cohesive tool.
- A2A Roundtable: Leverage this for collaborative coding sessions where AI and human developers can work together seamlessly.
- MCP Server: Utilize this to manage and distribute tasks across different environments and machines efficiently.
- Scale-Adaptive Delivery: Take advantage of this feature to handle projects of varying sizes and complexity levels without performance degradation.

By the end of this project, you should have a versatile application that not only simplifies the development workflow but also enhances productivity through smart automation and AI assistance.
