avalan

v1.5.0 suspicious
4.0
Medium Risk

Multi-backend, multi-modal micro-framework for AI agent development, orchestration, and deployment

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant signs of obfuscation, potentially hiding malicious behavior, despite having low scores in other risk categories. The metadata also contains non-secure links and a new maintainer account, raising additional suspicion.

  • High obfuscation risk
  • Non-secure links in metadata
  • New maintainer account

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: No shell execution detected, indicating no direct system command execution.
  • Obfuscation: The code shows signs of obfuscation which may hinder analysis and understanding, raising suspicion about its true intentions.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The package has non-secure links and a new maintainer account, which raises some suspicion, but there are no clear signs of typosquatting or other malicious activities.

📦 Package Quality Overall: Low (4.6/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/avalan-ai/avalan#readme
  • Detailed PyPI description (81836 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 483 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in avalan-ai/avalan
  • Two distinct contributors found

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • ync", prompt_tokens) def eval(self, token_id: int) -> None: """Evaluate one token
  • t) -> Any: numpy_linalg = __import__("numpy.linalg", fromlist=["norm"]) return cast(Any, numpy_linalg.norm(value)) class Fanc
✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: avalan.ai

⚠ Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:9001/v1
  • Non-HTTPS external link: http://127.0.0.1:9001/v1/responses
  • Non-HTTPS external link: http://127.0.0.1:9001/mcp

✓ Git Repository History

Repository avalan-ai/avalan appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "The Avalan Team" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with avalan
Create a fully-functional mini-application named 'AI Orchestrator' using the Python package 'avalan'. This application will serve as a simple but powerful tool for orchestrating AI agents across different backends and modalities. Here's a step-by-step guide on what your application should do:

1. **Setup Environment**: Begin by setting up a virtual environment and installing the 'avalan' package along with any necessary dependencies.
2. **Define Agents**: Utilize 'avalan' to define several AI agents that can interact with various backends (e.g., local models, cloud services). Each agent should have a specific modality (text, image, audio).
3. **Orchestration Logic**: Implement logic within the 'AI Orchestrator' that allows users to select which agents they want to use together in a workflow. For example, a user might want to process an image through an image recognition agent and then pass the result to a text summarization agent.
4. **User Interface**: Develop a basic command-line interface (CLI) where users can input commands to start workflows involving the defined agents. Additionally, consider integrating a simple web-based UI for easier interaction.
5. **Deployment**: Use 'avalan' to deploy the orchestrated workflow either locally or on a cloud service of your choice. Ensure that the deployment process is straightforward and documented.
6. **Monitoring and Logging**: Incorporate monitoring and logging capabilities into your application so that users can track the performance and status of their workflows.
7. **Documentation and Testing**: Provide comprehensive documentation and ensure thorough testing of all functionalities.

Suggested Features:
- Support for multiple backends including local models, AWS Sagemaker, Google Cloud AI, etc.
- Flexible modality support allowing agents to handle text, images, audio, and video.
- Easy-to-use CLI and web UI for managing workflows.
- Real-time monitoring and logging for each workflow execution.
- Scalable deployment options, both local and cloud-based.

By leveraging 'avalan', you'll be able to create a versatile and robust platform for orchestrating AI workflows without needing deep expertise in each backend or modality.
