axl-workflows

v0.3.0 suspicious
6.0
Medium Risk

Lightweight framework for building data and ML workflows with class-based Python syntax

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to potential shell execution and obfuscation techniques, which could be leveraged for malicious activities. However, there is no clear evidence of credential theft or active malicious intent.

  • Moderate shell risk
  • Potential obfuscation via pickle.loads
Per-check LLM notes
  • Network: The network calls appear to be attempts to retrieve CPU and memory limits, which could be benign for performance monitoring.
  • Shell: The shell execution patterns indicate the package may install additional packages or execute commands, which could potentially be used for malicious purposes if not properly controlled.
  • Obfuscation: The use of pickle.loads suggests potential obfuscation or code execution risks, but could be legitimate for data serialization purposes.
  • Credentials: No clear patterns of credential harvesting detected.
  • Metadata: The package shows signs of potentially being newly created or from an inactive maintainer with limited history, raising some suspicion.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 17 test file(s) found

  • Test runner config found: pyproject.toml
  • 17 test file(s) detected (e.g. parameter_test.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://axl-workflows.readthedocs.io/
  • Detailed PyPI description (8279 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 166 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • print( f" CPU: {requests.get('cpu', 'N/A')} (limit: {limits.get('cpu', 'N/A')})"
  • int( f" Memory: {requests.get('memory', 'N/A')} (limit: {limits.get('memory', 'N/A')})"
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ct """ return pickle.loads(data) """ Intermediate Representation (IR) for AXL Workflow
Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • md.as_argv() try: subprocess.run(argv, check=True) except subprocess.CalledProcessError a
  • hich("uv") if uv: subprocess.check_call([uv, "pip", "install", "--system", *pkgs]) else:
  • m", *pkgs]) else: subprocess.check_call([sys.executable, "-m", "pip", "install", *pkgs]) def run_s
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: axl-workflows.dev

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axl-workflows
Create a mini-application that leverages the 'axl-workflows' package to streamline the process of training machine learning models on different datasets. Your application should allow users to easily define and run workflows for model training, evaluation, and hyperparameter tuning. Here are the steps and features your application should include:

1. **Setup**: Start by installing the 'axl-workflows' package and setting up a basic project structure.
2. **Define Workflows**: Use the 'axl-workflows' package to define workflows for loading datasets, preprocessing data, training models, evaluating models, and tuning hyperparameters. Each workflow should be encapsulated in a class with methods corresponding to each step.
3. **User Interface**: Develop a simple command-line interface (CLI) that allows users to select from predefined workflows, specify model types (e.g., linear regression, decision tree), choose datasets, and set hyperparameters.
4. **Execution**: Implement functionality within the CLI to execute the selected workflows based on user inputs. Ensure that the application logs the progress and results of each workflow execution.
5. **Visualization**: Integrate a feature that visualizes the performance metrics of trained models using matplotlib or a similar library. This could include graphs showing accuracy, loss, etc., over epochs.
6. **Documentation**: Write comprehensive documentation explaining how to use the application, including examples of how to extend it with new workflows and models.
7. **Testing**: Include unit tests for your workflows and integration tests for the CLI to ensure robustness and reliability of the application.

The goal is to create a tool that simplifies the process of experimenting with different machine learning models and datasets, making it accessible even to those who are not deeply familiar with the underlying code. Utilize the 'axl-workflows' package's capabilities to make the workflow definitions as modular and reusable as possible.
