AI Analysis
The package appears to be legitimate based on its description and the low scores across various risk categories. While there is a moderate concern regarding potential credential harvesting, this is likely due to legitimate AWS service interactions.
- No network calls detected
- No shell execution patterns
- Potential credential risk due to environment variable access
Per-check LLM notes
- Network: No network calls detected, which is normal if the package does not require external communications.
- Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
- Obfuscation: Base64 decoding is commonly used for data serialization and not necessarily indicative of malicious activity.
- Credentials: The code snippet accessing environment variables could potentially be exploited for credential harvesting, but it may also be a legitimate use for AWS service interactions.
- Metadata: The maintainer has only one package, which might indicate a new or less active account but does not strongly suggest malicious intent.
Package Quality Overall: Medium (7.0/10)
Test suite present — 30 test file(s) found
Test runner config found: conftest.pyTest runner config found: pyproject.toml30 test file(s) detected (e.g. conftest.py)
Some documentation present
Documentation URL: "docs" -> https://awslabs.github.io/mcp/servers/aws-healthomics-mcp-seDetailed PyPI description (35444 chars)
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
Type checker (mypy / pyright / pytype) referenced in project206 type-annotated function signatures detected in source
Active multi-contributor project
42 unique contributor(s) across 100 commits in awslabs/mcpActive community — 5 or more distinct contributors
Heuristic Checks
No suspicious network call patterns found
Found 6 obfuscation pattern(s)
try: decoded = base64.b64decode(token_str.encode('utf-8')).decode('utf-8') tokenprefix decoded = base64.b64decode(encoded.encode('utf-8')).decode('utf-8') token_doded bytes """ return base64.b64decode(data) def create_aws_client( service_name: str, retext_content}.""" data = base64.b64decode(b64) with zipfile.ZipFile(BytesIO(data)) as zf:amespace packages. __path__ = __import__('pkgutil').extend_path(__path__, __name__) # Copyright Amazon.com, In0).map( lambda b: __import__('base64').b64encode(b).decode() ), ) @pytest.mark.asy
No shell execution patterns detected
Found 6 credential access pattern(s)
egion name """ return os.environ.get('AWS_REGION', DEFAULT_REGION) def get_omics_service_name() -> sPaths like 'foo/bar/../../etc/passwd' where '..' is not caught by the simple string prefdate_local_path('foo/bar/../../etc/passwd') @pytest.mark.asyncio @patch('awslabs.aws_healthosted traversal like 'a/b/../../etc/passwd'.""" with pytest.raises(ValueError, match='Path convalidate_local_path('a/b/../../etc/passwd') def test_backslash_traversal(self) -> None:idate_local_path('dir/../../../etc/passwd') def test_backslash_dot_dot_windows(self) -> None:
No typosquatting candidates detected
Email domain looks legitimate: users.noreply.github.com>
Found 1 suspicious link(s) on the package page
Non-HTTPS external link: http://`
Repository awslabs/mcp appears legitimate
1 maintainer concern(s) found
Author "Amazon Web Services" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Build a simple Python application using the awslabs.aws-healthomics-mcp-server package to demonstrate its core features.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue