awscli

v1.45.24 safe
3.0
Low Risk

Universal Command Line Environment for AWS.

🤖 AI Analysis

Final verdict: SAFE

The package is deemed safe as it primarily functions as a command-line interface for AWS services without any indications of malicious behavior.

  • No network or shell risks that pose immediate threats.
  • Low obfuscation and metadata risks with no signs of supply-chain attack.
Per-check LLM notes
  • Network: No network calls detected, indicating no direct external communication.
  • Shell: Detection of shell execution patterns may indicate the package performs installation or other system-specific tasks, which is not inherently malicious but requires further review to ensure legitimacy and safety.
  • Obfuscation: The observed patterns suggest legitimate use of base64 decoding and zlib decompression for handling cryptographic keys and compressed data.
  • Credentials: No suspicious patterns indicative of credential harvesting were found.
  • Metadata: The package shows some signs of potential issues with non-secure links but no other suspicious activities.

📦 Package Quality Overall: Medium (5.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (10242 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 13 unique contributor(s) across 100 commits in aws/aws-cli
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • ry: decoded_key = base64.b64decode(public_key) public_key = rsa.PublicKey.load_pkcs
  • try: digest = zlib.decompress( result['Body'].read(), zlib.MAX_WBITS | 16
Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • .installer process = subprocess.Popen( [ 'powershell.exe',
  • onse['Body'].read()) subprocess.check_call( [ r'.\{0}'.format(self.INSTALLE
  • shell=True ) subprocess.check_call([ 'powershell.exe', '-Command', 'Res
  • ]) process = subprocess.Popen( [ 'powershell.exe',
  • f, params): process = subprocess.Popen( [ 'powershell.exe',
  • gent(self): process = subprocess.Popen( [ 'wmic', 'prod
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 4.0

Found 2 suspicious link(s) on the package page

  • Non-HTTPS external link: http://docs.aws.amazon.com/cli/latest/topic/config-vars.html#cli-aws-help-config
  • Non-HTTPS external link: http://aws.amazon.com/cli/
Git Repository History

Repository aws/aws-cli appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Amazon Web Services" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with awscli 
Build a simple Python application using the awscli package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!