AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risk due to its handling of shell commands and network calls, which are critical areas that could potentially be exploited. However, there is no direct evidence of malicious intent.
- High shell risk
- Moderate network risk
- Low metadata quality
Per-check LLM notes
- Network: Network calls to external services might be part of the package's functionality, but should be documented and reviewed.
- Shell: Execution of shell commands can pose significant risks if not properly controlled, suggesting potential for unauthorized actions or vulnerabilities.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package is very new with low metadata quality and a single package from the author, raising suspicion but not conclusive evidence of malice.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
- return git_commit with httpx.Client(follow_redirects=True, timeout=timeout) as client: r
- loat = 20.0) -> str: with httpx.Client(follow_redirects=True, timeout=timeout) as client: r
- ors: list[str] = [] with httpx.Client(follow_redirects=True, timeout=timeout) as client: f
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
- ") try: result = subprocess.run([path, *args], check=False, capture_output=True, text=True,
- try: result = subprocess.run( [git, "ls-remote", url, pattern],
- f path.is_file(): subprocess.Popen(["notepad", str(path)]) else: os.startf
- if system == "darwin": subprocess.Popen(["open", str(path)]) return editor = os.environ
- .is_file() and editor: subprocess.Popen([editor, str(path)]) else: subprocess.Popen(["xd
- str(path)]) else: subprocess.Popen(["xdg-open", str(path)]) from __future__ import annotation
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository mini2kai/m2k-skills appears legitimate
Maintainer History
score 8.0
4 maintainer concern(s) found
- Only one version has ever been released (brand new package)
- Package uploaded less than 24 hours ago (2026-06-05T09:37:50.000Z)
- Author "mini2kai" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
AI App Starter Prompt
Use this prompt to build a project with m2k-skills-tools
Create a command-line application called 'SkillMaster' using Python and the 'm2k-skills-tools' package. This tool will allow users to manage their M2K skills efficiently by providing a user-friendly interface directly from the terminal. Here's a detailed breakdown of what your application should achieve:

1. **Installation Manager**: Users should be able to install new M2K skills directly from the terminal. The application should fetch the latest skill packages available and provide options to select which ones to install.
2. **Update Utility**: Implement an update feature that checks for newer versions of installed skills and provides an option to update them.
3. **Skill Information**: Provide details about each skill such as version number, author, description, and any other relevant information.
4. **Search Functionality**: Allow users to search for specific skills based on keywords or categories.
5. **Uninstall Option**: Offer the ability to uninstall unwanted skills.
6. **Interactive CLI**: Ensure the application has an interactive command-line interface where users can navigate through different commands and functionalities easily.
7. **Configuration Settings**: Include settings where users can customize their experience, such as default installation paths, verbosity levels, etc.

To utilize the 'm2k-skills-tools' package effectively, you will need to leverage its capabilities for fetching, installing, updating, and managing skills. Integrate these functionalities into your 'SkillMaster' app so that it not only serves as a simple installer but also acts as a comprehensive management tool for all aspects of M2K skills.