aws-sdk-secrets-manager

v0.1.0 suspicious
4.0
Medium Risk

Python SDK for AWS Secrets Manager.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential misuse, primarily due to the lack of maintainer history and missing author information, which raises concerns about its legitimacy.

  • Metadata risk due to missing maintainer history and author name
  • Credential risk due to potential mishandling of AWS credentials

Per-check LLM notes
  • Network: No network calls detected, which is unusual but not necessarily indicative of malicious activity for a utility package like aws-sdk-secrets-manager.
  • Shell: No shell execution patterns detected, indicating the package does not execute system commands, which is normal for a typical library.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code is likely retrieving AWS credentials for legitimate use, but there's a minor risk if the credentials are mishandled or accessed improperly.
  • Metadata: The package shows signs of being potentially malicious due to its lack of maintainer history and a missing author name.

📦 Package Quality Overall: Low (4.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (1996 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 129 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • -> Credentials: ak = os.environ.get("AWS_ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCE
  • _ACCESS_KEY_ID") sk = os.environ.get("AWS_SECRET_ACCESS_KEY") if not ak or not sk:
  • ret_key": sk} token = os.environ.get("AWS_SESSION_TOKEN") if token: out["session_t
  • self._profile = profile or os.environ.get("AWS_PROFILE", "default") self._cred_file = credentials_f
  • als_file or Path( os.environ.get("AWS_SHARED_CREDENTIALS_FILE") or Path.home() / ".aws
  • fig_file or Path( os.environ.get("AWS_CONFIG_FILE") or Path.home() / ".aws" / "config" )

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
