aw

v0.1.4 suspicious
5.0
Medium Risk

AI Agentic Workflows for data preparation and transformation

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits signs of potential obfuscation and low maintainer activity, which raises concerns about its integrity and purpose. While it does not show direct malicious intent, the combination of these factors makes it suspicious.

  • Obfuscation risk due to the use of 'exec' with dynamically generated code strings
  • Low maintainer activity and poor metadata quality
Per-check LLM notes
  • Network: The use of urllib to fetch headers is common and generally benign, but could be used for tracking or data collection.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The use of 'exec' with dynamically generated code strings suggests potential obfuscation or code injection risks.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The package shows signs of low maintainer activity and poor metadata quality, raising suspicion.
  • ⚠ Typosquatting target: arq

πŸ“¦ Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present β€” 7 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 7 test file(s) detected (e.g. test_filestore_auto_init.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (9714 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 108 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 19 commits in thorwhalen/aw
  • Small but multi-author team (3–4 contributors)

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • Get headers with urllib.request.urlopen(url) as response: info = {
⚠ Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • <generated>", "exec") exec(compiled, namespace) except SyntaxError as e: raise Val
  • heck try: compile(code_str_for_func, "<generated>", "exec") except SyntaxError as e: raise ValueE
  • tax errors compiled = compile(code_str, "<generated>", "exec") exec(compiled, namespace) except SyntaxError
  • try: module = __import__(module_name) # Handle submodules (e.g., pandas.core)
βœ“ Shell / Subprocess Execution

No shell execution patterns detected

βœ“ Credential Harvesting

No credential harvesting patterns detected

⚠ Typosquatting score 6.0

Possible typosquat of: arq, rq

  • "aw" is 2 edit(s) from "arq"
  • "aw" is 2 edit(s) from "rq"
βœ“ Registered Email Domain

No author email provided

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "Thor Whalen" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with aw 
Create a Python-based mini-app called 'DataPrepPro' that streamlines the process of preparing datasets for machine learning tasks. This app should leverage the 'aw' package to automate and optimize common data preparation steps. Here’s a detailed breakdown of what your app should achieve:

1. **Data Ingestion**: Allow users to upload various types of datasets (CSV, Excel, SQL databases). Use the 'aw' package to handle the ingestion process efficiently.
2. **Data Cleaning**: Implement functions to clean the data by handling missing values, removing duplicates, and correcting data types. Utilize 'aw' for these operations to ensure they are performed robustly.
3. **Feature Engineering**: Provide tools for feature creation and transformation. For example, allow users to create new features based on existing ones or apply transformations like normalization or scaling. The 'aw' package should facilitate these tasks.
4. **Visualization**: Integrate basic visualization capabilities to help users understand their data better before and after processing. Use 'aw' to generate insightful visualizations that highlight key patterns and outliers.
5. **Model Preparation**: Prepare the cleaned and transformed data for machine learning models. This includes splitting data into training and testing sets, and possibly applying more complex transformations. Ensure 'aw' is used to streamline this process.
6. **Report Generation**: Automatically generate a report summarizing the data preparation steps taken, including statistics about the dataset and any changes made during cleaning and transformation. The 'aw' package should assist in compiling this information.

Your task is to design and implement these functionalities using the 'aw' package. Focus on making the user interface intuitive and the workflow seamless. Additionally, document each step of your implementation process and how 'aw' was utilized at every stage.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!