backend.ai-client

v26.4.3 suspicious
6.0
Medium Risk

Backend.AI Client SDK

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potentially risky behavior such as shell execution and obfuscation techniques, raising concerns about its true intentions.

  • Detection of shell execution patterns
  • Use of AES.MODE_CBC and base64 decoding indicating possible obfuscation

Per-check LLM notes
  • Network: No network calls detected, which is not unusual and does not indicate immediate risk.
  • Shell: Detection of shell execution patterns suggests the package may use SSH and SCP functionalities for remote management, which aligns with its purpose but requires scrutiny to ensure it's not being misused.
  • Obfuscation: The use of AES.MODE_CBC and base64 decoding suggests encryption but the partial code may indicate obfuscation for hiding logic rather than secure data handling.
  • Credentials: Direct use of getpass.getpass indicates handling of sensitive inputs like passwords, but without context it's unclear if this is for secure storage or potential harvesting.
  • Metadata: The maintainer has only one package, which might indicate a new or less active account. A non-HTTPS link is suspicious but not necessarily indicative of malice.

📦 Package Quality Overall: Medium (5.4/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://docs.backend.ai/
  • Detailed PyPI description (7458 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 301 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 9 unique contributor(s) across 100 commits in lablup/backend.ai
  • Active community: 5 or more distinct contributors

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • AES.MODE_CBC, iv) b64p = base64.b64decode(real_payload) return unpad(crypt.decrypt(bytes(b64p)), 1

⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • h: ssh_proc = subprocess.run( [ "ssh",
  • h: scp_proc = subprocess.run( [ "scp",
  • {random_id}" try: subprocess.run( [*CLI_EXECUTABLE, "session", "download", sessio
  • ound process proxy_proc = subprocess.Popen( [*CLI_EXECUTABLE, "app", session_ref, "sshd", "-b",

⚠ Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • t("User ID: ") password = getpass.getpass() config = get_config() if config.endpoint_type !=
  • ): code = getpass.getpass() else: code = input()
  • alse): code = getpass.getpass() else: code = input() e

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

⚠ Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8080

✓ Git Repository History

Repository lablup/backend.ai appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Lablup Inc. and contributors" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with backend.ai-client
Develop a Python-based mini-application called 'AI-CodeRunner' which leverages the Backend.AI client SDK to facilitate running code snippets in various programming languages directly from your local machine. This application will serve as an educational tool for beginners learning coding, as well as a quick prototyping utility for more experienced developers. Here’s a detailed breakdown of the project scope and requirements:

1. **Application Overview**: AI-CodeRunner will provide users with an interface to write, run, and visualize the output of code snippets in supported programming languages such as Python, JavaScript, and C++. Users should be able to select the language they wish to use and input their code into a text area provided.

2. **Core Functionality**:
   - **Code Execution**: Utilize the Backend.AI client SDK to send the user's code snippet to a remote server where it will be executed in a controlled environment. Ensure that the execution environment supports all required dependencies and libraries for each language.
   - **Output Display**: Once the code has been executed, display the output back to the user in a clear and readable format. For example, if the user runs a Python script that prints 
