axiomai-cli

v0.1.8.2 suspicious
4.0
Medium Risk

Axiom: Your Coding Assistant

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its network and shell execution activities, which could potentially lead to vulnerabilities. However, there's no strong evidence of malicious intent.

  • Moderate network risk
  • Potential shell injection risk

Per-check LLM notes

  • Network: Network calls are typical for CLI tools to fetch resources or communicate with servers.
  • Shell: Use of shell execution can be legitimate but also poses higher risks due to potential command injection vulnerabilities.
  • Obfuscation: The use of base64 decoding may indicate an attempt to obfuscate code or data, but it is also a common practice for data encoding and transmission.
  • Credentials: No clear patterns of credential harvesting were detected.
  • Metadata: The package shows signs of low maintainer activity and incomplete metadata, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • 6 test file(s) detected (e.g. test_chat_workflow.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5866 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 336 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • item.get("url"): with httpx.Client(timeout=180.0) as client: img_response = client.
  • } try: with httpx.Client(timeout=180.0) as client: response = client.post
  • } with httpx.Client(timeout=180.0) as client: response = client.
  • ify = _ssl_verify() with httpx.Client(timeout=TIMEOUT, verify=verify) as client: resp = cl
  • ast_status}") r = httpx.get(response_url, timeout=TIMEOUT, verify=verify) la

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • mage_base64"): return base64.b64decode(body["image_base64"]), body.get("revised_prompt") data
  • t("b64_json"): return base64.b64decode(first_item["b64_json"]), first_item.get("revised_prompt")
  • self._progress_lock = __import__('threading').Lock() def execute_coarse_phase(self, file_list: L

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • s (vim, top, etc.) go through os.system() and return # {"message": ..., "exit_code": ...} -- not
  • try: exit_code = os.system(full_cmd_str) actual_exit_code = exit_code >> 8
  • """ try: result = subprocess.run( ["git", "rev-parse", "--show-toplevel"],
  • update(env) result = subprocess.run( cmd, cwd=self.git_root,
  • sues result = subprocess.run( f"{command} /?", sh
  • try: result = subprocess.run(['command', '-v', command], capture_output=True, text=True,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: acrotron.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axiomai-cli
Develop a fully-functional mini-application called 'CodeSavior' which leverages the capabilities of the 'axiomai-cli' package to assist developers in writing cleaner, more efficient code. This application will serve as a coding assistant, providing real-time suggestions, refactoring options, and documentation lookup based on user input. Here's a step-by-step guide on what the application should accomplish:

1. **Setup**: Begin by installing the 'axiomai-cli' package and setting up a basic Python environment.
2. **Real-Time Suggestions**: Implement a feature that takes a snippet of code as input and returns immediate suggestions for improvement. These could include syntax corrections, best practices, and optimization tips.
3. **Refactoring Tool**: Develop a module within 'CodeSavior' that allows users to input a piece of code and receive a refactored version according to common coding standards and efficiency guidelines.
4. **Documentation Lookup**: Integrate a feature that searches through official documentation based on user queries about specific functions or modules, providing quick access to relevant information.
5. **User Interface**: Create a simple yet intuitive command-line interface (CLI) where users can interact with 'CodeSavior', input their code snippets, and view suggestions/refactorings/documentation results.
6. **Integration Testing**: Ensure that 'CodeSavior' works seamlessly with 'axiomai-cli' by testing various functionalities such as handling different types of code inputs, accuracy of suggestions, effectiveness of refactorings, and speed of documentation retrieval.
7. **Enhancements & Feedback Loop**: After initial deployment, gather feedback from users to identify areas for improvement and potential new features, such as support for multiple programming languages or advanced code analysis tools.

Throughout the development process, focus on leveraging 'axiomai-cli' to streamline coding tasks and enhance developer productivity. The goal is to create a tool that not only assists in writing better code but also promotes learning and adherence to best coding practices.
