axor-claude

v0.3.1 suspicious
7.0
High Risk

Claude Code adapter for axor-core governance kernel

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a high risk of credential harvesting and lacks credible metadata, suggesting potential malicious intent.

  • High credential risk
  • Unknown author with no history

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires network functionality.
  • Shell: No shell execution patterns detected, indicating no immediate risk of executing arbitrary commands.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: High risk of credential harvesting due to suspicious file access attempts.
  • Metadata: The package shows some red flags such as an unknown author with no history and a repository with no engagement.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (11923 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 46 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 12 commits in Bucha11/axor-claude
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • ous `.claude/skills/foo.md -> /etc/passwd` from being silently injected as system context.
  • user's own axor config, and `/etc/shadow`-class files. Symlinks are resolved before the check so
  • netrc", "~/.pgpass", "/etc/shadow", "/etc/sudoers", "/etc/ssh", "/proc/self/envir
  • redirect to ~/.ssh/id_rsa or /etc/shadow. resolved = resolve_safe(path, for_write=False)
  • ass with `cwd/innocuous -> ~/.ssh/id_rsa`. 2. **Optional sandbox root** via `AXOR_FS_SANDBOX_ROOT`:
  • under cwd cannot redirect to ~/.ssh/id_rsa or /etc/shadow. resolved = resolve_safe(path, for_w

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axor-claude
Create a mini-application named 'ClaudeCodeGuard' that leverages the 'axor-claude' package to manage code quality and security checks for Python projects. This tool will serve as a bridge between the Claude Code adapter and the axor-core governance kernel, enabling developers to easily integrate advanced code governance functionalities into their workflows.

Step 1: Set up the Project Environment
- Initialize a new Python project.
- Install the 'axor-claude' package and any other necessary dependencies.

Step 2: Define Core Functionality
- Implement a function that takes a Python project directory as input.
- Use 'axor-claude' to perform a comprehensive code analysis on the provided directory.
- The analysis should include static code analysis, security vulnerabilities scanning, and compliance checks.

Step 3: Enhance with Additional Features
- Integrate a user-friendly CLI interface using libraries like Click or argparse.
- Allow users to customize the types of checks performed (e.g., PEP8 style guide, security scans).
- Provide real-time feedback and suggestions for improving code quality.

Step 4: Create a Reporting System
- Develop a feature that generates detailed reports based on the analysis results.
- Reports should include sections such as code quality metrics, detected vulnerabilities, and recommendations for improvement.
- Save reports in a human-readable format like Markdown or HTML.

Step 5: Test and Validate
- Write unit tests to ensure the accuracy and reliability of the code analysis functions.
- Perform integration testing to confirm the application works seamlessly with various Python projects.
- Validate the effectiveness of the reporting system by analyzing different types of projects.

How to Utilize 'axor-claude':
- 'axor-claude' acts as a mediator between your application and the axor-core governance kernel. It translates requests from your application into actions that the kernel understands, then returns the results back to your app.
- Use 'axor-claude' methods to initiate the code analysis process, interpret the returned data, and apply it within your application's workflow.
