aws-sdk-ec2

v0.1.0 suspicious
4.0
Medium Risk

Python SDK for Amazon EC2.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk score due to the credential handling practices and lack of metadata, suggesting potential unreliability.

  • Credential risk: Credentials retrieved from environment variables may not be handled securely.
  • Metadata risk: Missing author and repository link.
Per-check LLM notes
  • Network: No network calls are expected in a benign scenario, but since aws-sdk-ec2 is likely a wrapper for AWS SDK functionalities, minimal network activity to AWS services might be anticipated.
  • Shell: Shell execution is not typically expected in a Python package unless it explicitly requires executing system commands for its functionality.
  • Obfuscation: No obfuscation patterns detected in the provided code snippet.
  • Credentials: The code appears to be retrieving AWS credentials from environment variables which is common practice for authenticating with AWS services, but it may pose a risk if these credentials are not handled securely.
  • Metadata: The package shows some red flags such as a missing author and a lack of repository link, indicating potential unreliability.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2250 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 133 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • -> Credentials: ak = os.environ.get("AWS_ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCE
  • _ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCESS_KEY") if not ak or not sk:
  • ret_key": sk} token = os.environ.get("AWS_SESSION_TOKEN") if token: out["session_t
  • self._profile = profile or os.environ.get("AWS_PROFILE", "default") self._cred_file = credentials_f
  • als_file or Path( os.environ.get("AWS_SHARED_CREDENTIALS_FILE") or Path.home() / ".aws
  • fig_file or Path( os.environ.get("AWS_CONFIG_FILE") or Path.home() / ".aws" / "config" )
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aws-sdk-ec2 
Create a Python-based command-line utility named 'EC2Manager' that leverages the AWS SDK for Python (Boto3), which includes the 'aws-sdk-ec2' functionality, to manage Amazon EC2 instances. This utility should allow users to perform common EC2 operations such as starting, stopping, terminating, and describing instances. Additionally, it should provide functionalities to create new EC2 instances with specified configurations like instance type, AMI ID, security group IDs, and key pair name. The utility should also support listing all available EC2 instances in a given region, filtering instances based on tags, and updating instance attributes.

Key Features:
1. Authentication: Use AWS credentials stored in environment variables or the AWS configuration file to authenticate API requests.
2. Instance Management: Implement commands to start, stop, terminate, and describe instances.
3. Instance Creation: Allow users to specify instance types, AMI IDs, security groups, and key pairs when launching new instances.
4. Instance Listing: Provide an option to list all EC2 instances in a specific region.
5. Tag Filtering: Enable users to filter instances based on tag key-value pairs.
6. Attribute Update: Support updating instance attributes such as monitoring, IAM profile, and security groups.
7. Error Handling: Ensure robust error handling mechanisms to gracefully handle exceptions and provide meaningful feedback.
8. Logging: Implement logging to track actions performed through the utility.

Utilization of 'aws-sdk-ec2':
- Use Boto3's EC2 client methods to interact with the EC2 service.
- For instance management, utilize 'start_instances', 'stop_instances', 'terminate_instances', and 'describe_instances' methods.
- When creating new instances, use the 'run_instances' method with appropriate parameters.
- For listing instances, call 'describe_instances' with filters if needed.
- To update instance attributes, use 'modify_instance_attribute'.
- Handle exceptions using try-except blocks and provide informative error messages.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!