avise v0.2.2: SUSPICIOUS, score 6.0 (Medium Risk)

AI Vulnerability Identification & Security Evaluation framework

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk because it can execute external commands and communicate over the network, though there is no clear evidence of malicious intent. Low maintenance effort and potential typosquatting also raise concerns.

Risk factors:

  • network communication with external services
  • execution of pip install commands
  • low maintenance and effort
  • potential typosquatting

Per-check LLM notes

  • Network: The network calls suggest the package may be communicating with external services, which could be legitimate but also raises concerns about potential data exfiltration or C2 activities.
  • Shell: Executing pip install commands through subprocess indicates the package might be attempting to modify its own environment or install additional packages, which could introduce unexpected dependencies or vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious activity.
  • Metadata: The package shows signs of low maintenance and effort, but lacks clear indicators of malicious intent.
  • Typosquatting target: vine

📦 Package Quality Overall: Low (4.4/10)

✦ Test Suite: High (9.0)

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. context_test.py)

◈ Documentation: Medium (5.0)

Some documentation present

  • Detailed PyPI description (7379 chars)

○ Contributing Guide: Low (2.0)

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Type Annotations: Medium (5.0)

Partial type annotation coverage

  • 91 type-annotated function signatures detected in source

○ Multiple Contributors: Low (1.0)

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls: score 9.0

Found 6 network call pattern(s)

  • response = requests.post( url=self.url, data=data, timeout=se
  • response = requests.post( url=self.url,
  • response = requests.get( url=self.url, data=data, timeout=se
  • response = requests.get( url=self.url,
  • response = requests.put( url=self.url, data=data, timeout=se
  • response = requests.put( url=self.url,

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution: score 2.0

Found 1 shell execution pattern(s)

  • ) try: subprocess.check_call( [sys.executable, "-m", "pip", "install", "t

Credential Harvesting

No credential harvesting patterns detected

Typosquatting: score 3.0

Possible typosquat of: vine

  • "avise" is 2 edit(s) from "vine"

Registered Email Domain

Email domain looks legitimate: oulu.fi

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History: score 4.0

2 maintainer concern(s) found

  • Author "Joni Kemppainen, Niklas Raesalmi" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
