AI Analysis
Final verdict: SUSPICIOUS
The package has legitimate use cases but raises concerns due to its ability to execute shell commands and an incomplete maintainer profile.
- Shell execution detected
- Incomplete maintainer profile
Per-check LLM notes
- Network: No network calls detected, which is normal and not suspicious.
- Shell: Shell execution was detected. This can be legitimate if the package is designed to install dependencies or run commands, but it requires scrutiny to ensure it does not execute arbitrary code.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The maintainer has an incomplete profile and seems new or inactive, raising some suspicion but not conclusive evidence of malice.
Package Quality Overall: Low (3.6/10)
- Test Suite: 1.0 (Low). No test suite detected: no test files or test-runner configuration found.
- Documentation: 5.0 (Medium). Some documentation present: detailed PyPI description (24558 chars).
- Contributing Guide: 2.0 (Low). No contributing guide or governance files found: no CONTRIBUTING, CODE_OF_CONDUCT, or governance files.
- Type Annotations: 5.0 (Medium). Partial type annotation coverage: 270 type-annotated function signatures detected in source.
- Multiple Contributors: 5.0 (Medium). Limited contributor diversity: 1 unique contributor across 100 commits in ayder/ayder-cli; single author but highly active (100 commits).
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
Score 6.0. Found 3 shell execution pattern(s). Matched snippets (truncated in the report):
- "subprocess.run([*cmd, *pkgs], check=True)"
- "subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, st"
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository ayder/ayder-cli appears legitimate
Maintainer History
Score 4.0. 2 maintainer concern(s) found:
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.