aws-sdk-kms

v0.1.0 suspicious
5.0
Medium Risk

Python SDK for AWS Key Management Service.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits low risks in terms of network calls, shell execution, and obfuscation. However, the credential risk and metadata risk raise concerns, particularly the lack of maintainer history and a GitHub repository, suggesting potential malicious intent.

  • Credential risk indicates legitimate AWS credential usage but without context, it's hard to verify legitimacy.
  • High metadata risk due to absence of maintainer history and GitHub repository.

Per-check LLM notes

  • Network: No network calls detected, which is unusual but not necessarily indicative of malicious activity for a package that interfaces with AWS KMS.
  • Shell: No shell execution patterns detected, indicating the package does not execute external commands, which aligns with typical behavior for a library focused on AWS KMS operations.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The observed code is likely retrieving AWS credentials for legitimate access to AWS KMS services.
  • Metadata: The package shows signs of being potentially malicious due to its lack of maintainer history and the absence of a GitHub repository.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2297 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 133 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

⚠ Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • -> Credentials: ak = os.environ.get("AWS_ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCE
  • _ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCESS_KEY") if not ak or not sk:
  • ret_key": sk} token = os.environ.get("AWS_SESSION_TOKEN") if token: out["session_t
  • self._profile = profile or os.environ.get("AWS_PROFILE", "default") self._cred_file = credentials_f
  • als_file or Path( os.environ.get("AWS_SHARED_CREDENTIALS_FILE") or Path.home() / ".aws
  • fig_file or Path( os.environ.get("AWS_CONFIG_FILE") or Path.home() / ".aws" / "config" )

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aws-sdk-kms

Create a secure file encryption and decryption tool using the Python package 'aws-sdk-kms'. This tool will allow users to encrypt files using AWS KMS (Key Management Service) managed keys and decrypt them when needed. Here’s a step-by-step guide on how to implement this mini-app:

1. **Setup**: Install the necessary packages including 'aws-sdk-kms' and 'boto3', configure your AWS credentials properly.
2. **Key Management**: Use AWS KMS to create and manage customer master keys (CMKs). Allow the user to either specify an existing CMK or create a new one.
3. **File Encryption**: Implement functionality to select a file from the local system, encrypt it using the chosen CMK, and save the encrypted data back to the local system or another specified location.
4. **File Decryption**: Add a feature to decrypt previously encrypted files using the same CMK, ensuring the original content is recovered accurately.
5. **Security Enhancements**: Consider adding features such as logging encryption/decryption activities, enforcing access controls via IAM roles, and handling errors gracefully.
6. **User Interface**: Design a simple CLI interface for ease of use, though an optional GUI could also be explored.
7. **Documentation**: Provide comprehensive documentation explaining how to use the tool, set up AWS KMS, and troubleshoot common issues.

Throughout the development process, focus on utilizing 'aws-sdk-kms' effectively to handle key operations securely and efficiently.
