axm-edit

v0.1.0 suspicious
7.0
High Risk

AXM Edit — Atomic batch file editing for AI agents.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risk of credential harvesting and potential misuse of shell execution, raising concerns about its legitimacy and intent.

  • High credential risk due to suspicious file operations
  • Shell execution patterns need further review to rule out malicious use

Per-check LLM notes

  • Network: No network calls detected, indicating low risk of data exfiltration or C2 communications.
  • Shell: Shell execution patterns observed are likely related to Git operations for version control, but should be reviewed for context to ensure they are not being used maliciously.
  • Obfuscation: No signs of code obfuscation or encoding patterns.
  • Credentials: High risk of credential harvesting observed through suspicious file operations on system critical files.
  • Metadata: The maintainer's author name is missing or very short and the author seems to be new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 35 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 35 test file(s) detected (e.g. __init__.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://forge.axm-protocols.io
  • Detailed PyPI description (5974 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 281 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in axm-protocols/axm-forge
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ne try: result = subprocess.run( ["git", "stash", "create", "-m", "axm-edit chec
  • # Reset tracked files subprocess.run( ["git", "checkout", "--", "."], cwd
  • created by batch_edit subprocess.run( ["git", "clean", "-fd"], cwd=root,
  • if checkpoint: subprocess.run( ["git", "stash", "apply", checkpoint],
  • es] try: result = subprocess.run( [ "ruff", "chec
  • """ try: result = subprocess.run( [ "claude", "-p

Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • : ops = [CreateOp(file="../etc/passwd", content="hacked")] result = batch_apply(tmp_project,
  • : ops = [DeleteOp(file="../etc/passwd")] result = batch_apply(tmp_project, ops) assert no
  • eplaceOp( file="../etc/passwd", edits=[Edit(line=1, old="a", new="b")],
  • =str(tmp_project), file="../../etc/passwd") assert result.success is False assert "es

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: axm-protocols.io

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository axm-protocols/axm-forge appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axm-edit
Develop a fully-functional mini-application named 'BatchFileAI' using Python and the 'axm-edit' package. This application will allow users to perform atomic batch file editing tasks on multiple files simultaneously, enhancing their productivity when dealing with large sets of files.

### Features:
1. **User Interface**: Create a simple and intuitive command-line interface (CLI) where users can interact with the application.
2. **Atomic Batch File Editing**: Implement functionality to edit multiple files at once with the assurance that all changes are applied atomically, meaning if one file fails to update, none of the files are altered.
3. **Customizable Search & Replace**: Users should be able to specify search terms and replacement terms, allowing them to modify content across many files efficiently.
4. **Regex Support**: Enable advanced users to use regular expressions for more complex search and replace operations.
5. **File Pattern Matching**: Allow users to define patterns (e.g., '*.txt', '*.md') to select which files to operate on.
6. **Undo Functionality**: Provide an option to revert changes made during a session in case of mistakes.
7. **Logging**: Maintain logs of actions performed, including timestamps and details about each operation.
8. **Help and Documentation**: Ensure the application provides comprehensive help and documentation through the CLI and online resources.

### Utilizing 'axm-edit':
- Use 'axm-edit' for its core capabilities of atomic batch file editing. Specifically, utilize its functions to ensure that file modifications are handled safely and efficiently.
- Integrate 'axm-edit' to handle the search and replace operations across multiple files, ensuring that the process is both powerful and user-friendly.
- Explore 'axm-edit' documentation to discover any additional utilities or features that could enhance the application's functionality.

### Steps to Build the Application:
1. **Setup Environment**: Install Python and necessary packages, including 'axm-edit'.
2. **Design CLI**: Plan out the commands and options available to the user, focusing on simplicity and ease of use.
3. **Implement Core Functionality**: Write code to implement the basic functionalities such as searching and replacing text across files using 'axm-edit'.
4. **Enhance with Advanced Features**: Add support for regex, file pattern matching, undo functionality, and logging.
5. **Testing**: Thoroughly test the application to ensure it works correctly under various conditions and edge cases.
6. **Documentation and Deployment**: Prepare detailed documentation and deploy the application for public use.
