axor-cli

v0.6.1 suspicious
7.0
High Risk

CLI for axor-core governance kernel — governed agent sessions in your terminal

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows significant risks related to credential handling and metadata, suggesting potential misuse. While other risks are lower, the combination of factors raises suspicion about possible malicious intent.

  • High credential risk due to unsafe API key handling
  • Concerning metadata indicating low maintainer activity
Per-check LLM notes
  • Network: The network call is likely for legitimate purposes like checking for updates or fetching configuration data.
  • Shell: No shell execution patterns detected.
  • Obfuscation: The obfuscation pattern may be used to hide code logic but does not inherently indicate malicious activity.
  • Credentials: The credential harvesting pattern involves requesting an API key from the user, which could be misused for unauthorized access if not handled securely.
  • Metadata: The repository's low activity and the maintainer's new/inactive status raise concerns about potential malicious intent.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (10265 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 101 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 48 commits in Bucha11/axor-cli
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • t() -> str: req = urllib.request.Request(url, headers={"User-Agent": "axor-cli/1.0"})
  • r-cli/1.0"}) with urllib.request.urlopen(req, timeout=15) as resp: raw = resp
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • return False try: __import__(info["module"]) return True except ImportError: return
  • ools) try: mod = __import__(info["module"]) except ImportError: raise ImportError(
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • """ try: key = getpass.getpass( f" {adapter.capitalize()} API key (hidden): "
Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axor-cli 
Create a terminal-based mini-application called 'Governance Terminal' that leverages the 'axor-cli' package to facilitate interactive sessions with governed agents. This application will serve as a user-friendly interface for users to manage and interact with their governed agents directly from the command line. Here are the steps and features to implement:

1. **Setup**: Ensure that 'axor-cli' is installed and properly configured in your environment.
2. **User Interface**: Design a simple yet intuitive command-line interface where users can easily navigate through different functionalities related to agent management.
3. **Agent Management**: Implement commands to start, stop, and view status of governed agents. Users should be able to initiate sessions with specific agents and receive real-time feedback on their status.
4. **Configuration**: Allow users to configure settings for their agents directly through the CLI, such as setting permissions, adjusting parameters, and defining roles.
5. **Logging and Monitoring**: Integrate logging capabilities so users can review past interactions and monitor current activities of their agents. Provide options to filter logs based on date, agent ID, or action type.
6. **Security Measures**: Incorporate basic security features like authentication before allowing access to sensitive operations involving agent configurations or statuses.
7. **Help and Documentation**: Include comprehensive help documentation accessible via the CLI to guide users through each feature and command available.

This project aims to showcase the versatility and power of 'axor-cli' in managing governed agents efficiently within a command-line environment.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!