AutoCython-zhang

v2.3.8 suspicious
5.0
Medium Risk

Automatic Cython: use Cython to batch-compile .py files into .pyd files!

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits medium risk due to potential code obfuscation techniques and unclear shell execution contexts, despite no detected network calls or credential risks.

  • High obfuscation risk due to use of eval(), exec(), and vars()
  • Unclear purpose of shell execution commands

Per-check LLM notes
  • Network: No network calls detected, which is normal and expected.
  • Shell: Shell execution may be for legitimate purposes like compiling code, but the lack of context around 'command' and 'temp_dir' raises some concern.
  • Obfuscation: The presence of functions like eval(), exec(), and vars() indicates potential code obfuscation or execution of arbitrary code, which is risky.
  • Credentials: No suspicious patterns for credential harvesting were detected.
  • Metadata: The repository not being found and the author having a short or missing name raises suspicion.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • "Check whether the function body contains globals()/locals()/eval()/exec()/vars() calls""" if hasattr(node, 'body') and isins

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • '--strip-all', path] subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
  • try: result = subprocess.run( command, cwd=temp_dir,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: 163.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with AutoCython-zhang
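Build a small application named 'Python-to-Cython-Batch-Compiler' that uses the 'AutoCython-zhang' package to automatically batch-convert all .py files in a specified directory into .pyd files. The application is intended to improve the execution efficiency of Python scripts, especially for compute-intensive tasks.

### Application features:
1. **User interface**: Provide a simple command-line interface (CLI) through which the user can enter commands to select the directory to compile.
2. **Directory scanning**: The application should traverse the specified directory and its subdirectories to find all .py files.
3. **Batch compilation**: Once all .py files are found, the program uses the 'AutoCython-zhang' package to compile them automatically into .pyd files.
4. **Error handling and feedback**: During compilation, the program must capture and display any error messages, and success or failure status should be reported clearly to the user.
5. **Logging**: Record a log of each compilation run, including the start time, the end time, which files were compiled, and whether each succeeded.
6. **Configurability**: Allow the user to adjust compilation parameters through a configuration file, for example whether to enable optimization.
7. **Performance comparison tool**: Integrate a simple performance test tool to compare the run speed of the original .py files and the generated .pyd files.

### How the 'AutoCython-zhang' package is used:
Throughout the application, the main dependency is the batch-compilation functionality provided by the 'AutoCython-zhang' package. Specifically, the application calls the package's corresponding functions or methods to perform the .py-to-.pyd conversion. It can also use other features the package provides to enhance the compilation workflow, such as support for different compilation options and optimization strategies.

### Goal:
Once development is complete, the application will be a powerful tool that helps developers quickly improve the execution efficiency of Python scripts, especially when processing large datasets or running complex algorithms.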