autorunne

v0.6.31 suspicious
5.0
Medium Risk

Local-first agent development workspace that turns any repo into an Autorunne project.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to potential shell command injection and obfuscated code, though there's no concrete evidence of malicious intent.

  • High obfuscation risk
  • Potential shell risk

Per-check LLM notes

  • Network: The network call is likely for fetching package metadata from PyPI, which is normal.
  • Shell: Shell execution may be used for git operations within the package but could pose a risk if commands are dynamically generated or involve user input without sanitization.
  • Obfuscation: The code uses unconventional variable names and import patterns which may indicate an attempt to obscure the functionality.
  • Credentials: No clear signs of credential harvesting were found in the provided snippet.
  • Metadata: The maintainer has only one package, which could indicate a new or less active user, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. test_cli.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5759 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 332 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 57 commits in HUAFIRE777/autorunne
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • float = 2.0) -> str: with urllib.request.urlopen(PYPI_JSON_URL, timeout=timeout) as response:

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ing="utf-8") subprocess = __import__("subprocess") subprocess.run(["git", "add", "src/index.js"], cwd=node

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • "autorunne"] completed = subprocess.run(command, text=True, capture_output=True, check=False) if
  • return None result = subprocess.run(command, cwd=repo_root, shell=True, capture_output=True, tex
  • tedProcess[str]: result = subprocess.run( ["git", *args], cwd=repo_root, text
  • -> Path | None: result = subprocess.run( ["git", "rev-parse", "--show-toplevel"], cw
  • , exist_ok=True) result = subprocess.run( ["git", "init"], cwd=repo_root, tex
  • str], cwd: Path) -> None: subprocess.run(command, cwd=cwd, check=True, text=True) def _git_commit_s

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository HUAFIRE777/autorunne appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Hermes Agent" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autorunne
Create a personal task management application using the 'autorunne' Python package. This app will allow users to manage their daily tasks efficiently by adding, deleting, updating, and viewing tasks. Additionally, it should include features like setting priorities, due dates, and categories for each task. Utilize 'autorunne' to turn your repository into a full-fledged development workspace, enabling you to quickly iterate on your application's functionality.

Steps to Build the Application:
1. Initialize a new 'autorunne' project in your preferred code editor or IDE by following the official documentation.
2. Design the database schema to store task information such as title, description, priority level, due date, and category.
3. Implement CRUD operations (Create, Read, Update, Delete) for managing tasks through command-line interfaces or simple web forms.
4. Add functionality to sort and filter tasks based on priority levels, due dates, and categories.
5. Integrate a user authentication system to ensure only authorized users can manage their own tasks.
6. Use 'autorunne' to automatically run tests and update dependencies as you develop, ensuring a smooth and efficient workflow.
7. Deploy your application locally or to a cloud service provider of your choice for easy access from anywhere.

Features:
- Ability to add new tasks with various attributes including title, description, priority, due date, and category.
- Option to delete tasks once completed or no longer needed.
- Functionality to update existing task details as needed.
- Interface to view all tasks sorted by different criteria.
- User authentication to protect individual task lists.
- Integration with 'autorunne' for seamless development experience.

How 'autorunne' is Used:
- Turn your repository into an 'autorunne' project to leverage its local-first workspace capabilities.
- Automatically run tests and update dependencies with 'autorunne' commands to streamline the development process.
- Utilize 'autorunne' features to enhance collaboration and productivity within your development environment.
