aws-sdk-s3

v0.2.1 suspicious
5.0
Medium Risk

Python SDK for Amazon S3.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risks in terms of network, shell, and obfuscation activities, but it lacks essential metadata like the maintainer's name and a GitHub repository, raising concerns about its origin and reliability.

  • Lack of maintainer information and GitHub repository
  • Unusual absence of network calls for an AWS SDK package

Per-check LLM notes
  • Network: No network calls detected, which is unusual but not necessarily indicative of malicious activity for an AWS SDK package that typically interacts with S3.
  • Shell: No shell execution patterns detected, reducing the risk of potential command injection or backdoor activities.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The observed code is likely part of normal AWS SDK functionality for fetching credentials.
  • Metadata: The package lacks a maintainer's name and GitHub repository, suggesting potential unreliability.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3966 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 328 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • -> Credentials: ak = os.environ.get("AWS_ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCE
  • _ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCESS_KEY") if not ak or not sk:
  • ret_key": sk} token = os.environ.get("AWS_SESSION_TOKEN") if token: out["session_t
  • self._profile = profile or os.environ.get("AWS_PROFILE", "default") self._cred_file = credentials_f
  • als_file or Path( os.environ.get("AWS_SHARED_CREDENTIALS_FILE") or Path.home() / ".aws
  • fig_file or Path( os.environ.get("AWS_CONFIG_FILE") or Path.home() / ".aws" / "config" )

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aws-sdk-s3
Create a Python-based file management utility that interacts with Amazon S3 using the 'aws-sdk-s3' package. This utility should allow users to perform common file operations such as uploading files to S3 buckets, downloading files from S3 buckets, listing all files in a specified bucket, deleting files from a bucket, and renaming files within the bucket. Additionally, implement a feature that allows users to filter and display files based on their last modified date or file size. The application should also include error handling for common AWS S3 errors like invalid credentials, missing permissions, or non-existent objects. To make the utility more user-friendly, design a simple command-line interface (CLI) that accepts user inputs and displays results in a readable format. Ensure that the application securely handles AWS access keys and secrets, possibly by prompting the user to input them manually or by reading them from a secure environment variable.
