axiom-os-lm

v0.30.5 suspicious
6.0
Medium Risk

Composable and Extensible Agent Operating System for Language Models

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks related to network and shell execution activities, suggesting potential unauthorized actions or backdoor capabilities. However, it lacks signs of obfuscation or credential theft, which somewhat mitigates the overall threat level.

  • High network risk
  • High shell execution risk
  • Missing repository and author information
Per-check LLM notes
  • Network: The observed network patterns indicate the package may be making external requests to an unknown URL, which could be used for unauthorized data transfer or command and control.
  • Shell: The detected shell execution patterns suggest the package could execute arbitrary commands on the system, posing a significant risk for potential exploitation or backdoor functionality.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository is not found, and the maintainer's author name is missing or very short, indicating potential suspicious activity.

πŸ“¦ Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present β€” 11 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 11 test file(s) detected (e.g. conftest.py)
  • Classifier: Framework :: Pytest
β—ˆ Medium Documentation 7.0

Some documentation present

  • 5 documentation file(s) (e.g. memory-benchmarks-baseline.py)
  • Detailed PyPI description (8607 chars)
β—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
β—ˆ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 251 type-annotated function signatures detected in source
β—‹ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

πŸ”¬ Heuristic Checks

⚠ Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • } ).encode() req = urllib.request.Request( QWEN_URL, data=payload, hea
  • unter() try: with urllib.request.urlopen(req, timeout=120, context=ctx) as resp:
  • .3, }).encode() req = urllib.request.Request( QWEN_URL, data=payload, headers={
βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ime.perf_counter() proc = subprocess.run(cmd, capture_output=True, text=True, timeout=180) elapse
  • ode", mode, classroom_id] subprocess.run(cmd, check=True, capture_output=True, text=True, timeout=30)
  • AR.""" try: out = subprocess.run( [ "git", "-C", str(repo_root),
  • try: subprocess.run( ["ssh", "-o", "ConnectTimeout=2",
  • b.cli_name}...") result = subprocess.run( [*pip_cmd.split(), "install", "--upgrade", f"git+{u
  • try: subprocess.run([cli, "agents", "start"], check=False) except Fi
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: utexas.edu>

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with axiom-os-lm 
Create a conversational agent assistant named 'AxiomBot' that leverages the 'axiom-os-lm' package to provide personalized assistance to users. AxiomBot should be able to understand and respond to user queries, manage tasks, set reminders, and even engage in casual conversations. Here’s a detailed plan on how to build AxiomBot using the 'axiom-os-lm' package:

1. **Setup Environment**: Begin by setting up your Python environment and installing the necessary packages including 'axiom-os-lm'. Ensure you have a clear understanding of the dependencies required.

2. **Initialize AxiomOS**: Use 'axiom-os-lm' to initialize your operating system for language models. This involves configuring settings such as the type of agents you want to create, their capabilities, and how they interact with each other.

3. **Develop Core Functionality**: Implement the core functionalities of AxiomBot such as natural language processing (NLP) for query understanding, task management, and scheduling reminders. Utilize 'axiom-os-lm' to compose these functionalities into a cohesive system where different agents can work together seamlessly.

4. **Integrate External APIs**: Enhance AxiomBot by integrating it with external APIs for more advanced functionalities like weather updates, news headlines, or even controlling smart home devices.

5. **User Interface**: Design a simple but effective user interface where users can interact with AxiomBot. This could be a web-based interface or a mobile app, depending on your preference.

6. **Testing and Iteration**: Thoroughly test AxiomBot with various user scenarios to ensure reliability and accuracy. Based on feedback, iterate on the design and functionality to improve user experience.

7. **Deployment**: Once satisfied with the development and testing phases, deploy AxiomBot to a production environment where it can serve real users.

By following these steps, you will have built a fully functional conversational agent assistant that not only provides useful information and manages tasks but also engages in meaningful conversations with its users.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!