DragonLog

v26.5.1 suspicious
6.0
Medium Risk

Log QSO for Ham radio

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high risks in network and shell execution areas, suggesting potential for unauthorized actions. While no definitive signs of malicious intent are present, the combination of these risks raises concerns about its safety.

  • High network and shell execution risks
  • Potential credential harvesting

Per-check LLM notes
  • Network: The package makes external network calls to various URLs, which could potentially be used for data exfiltration or communication with external services.
  • Shell: The package executes shell commands and subprocesses, which can be a risk if not properly sanitized or controlled, possibly indicating potential for executing arbitrary code.
  • Obfuscation: No obfuscation patterns detected in the provided code snippets.
  • Credentials: The code appears to be harvesting credentials for third-party services, which could be a risk if not properly handled and authorized.
  • Metadata: The package has several non-HTTPS links and lacks maintainer information, raising suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • s: dict) -> dict: r = requests.get(self.__url__, params=params) if r.status_code == 20
  • nsert' } r = requests.post('https://www.hamqth.com/qso_realtime.php', data=data)
  • se(cur_version) req = requests.get('https://pypi.python.org/pypi/dragonlog/json') if re
  • ODE'], } r = requests.get('https://lotw.arrl.org/lotwuser/lotwreport.adi', params=para
  • try: r = requests.get('https://www.eQSL.cc/qslcard/importADIF.cfm', params=params)
  • try: r = requests.get('https://www.eQSL.cc/qslcard/GeteQSL.cfm', params=params)

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • (password) res = subprocess.run(cmd, capture_output=True, startupinfo=tqsl_startupinfo)
  • try: res = subprocess.run([rigctld_path, '-l'], capture_output=True) s
  • try: res = subprocess.run([self.__rigctld_path__, f'--model={rig_id}', '-u'],
  • self.__rigctld__ = subprocess.Popen([self.__rigctld_path__,

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • e password""" return keyring.get_password(callbook.value, self.set
  • QSL service""" return keyring.get_password('eqsl.cc', self.settings
  • ine service""" return keyring.get_password('lotw.arrl.org', self.se

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: schawo.de

Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

  • Non-HTTPS external link: http://www.hamqth.com/DF1ASC
  • Non-HTTPS external link: http://www.eqsl.cc/Member.cfm?DF1ASC
  • Non-HTTPS external link: http://creativecommons.org/licenses/by-sa/4.0/

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with DragonLog
Your task is to develop a mini-application called 'HamTrack' which will serve as a comprehensive logging tool for amateur radio operators (hams). This application will utilize the Python package 'DragonLog' to manage QSO (Quick and Simple Operations) logs efficiently. Here are the detailed steps and features for your project:

1. **Project Setup**: Start by installing the 'DragonLog' package using pip. Ensure that you have a clean Python virtual environment set up for this project.
2. **Application Structure**: Create a simple GUI using a library like Tkinter or PyQt. The interface should be user-friendly and intuitive for hams to log their contacts easily.
3. **Core Functionality**: Implement the main functionality of logging QSOs. Each QSO should include fields such as call sign, frequency, date/time, mode of communication, and any notes from the operator.
4. **Integration with DragonLog**: Use 'DragonLog' to handle the backend operations of storing and retrieving QSO data. Ensure that the package is used effectively to maintain logs efficiently.
5. **Search and Filter Options**: Provide users with the ability to search through their logs based on various criteria such as date range, call sign, frequency, etc. This will help them quickly find specific QSOs.
6. **Export Functionality**: Allow users to export their logs into different formats such as CSV or PDF for record-keeping or sharing purposes.
7. **Backup and Restore**: Implement a feature to automatically back up the log data regularly. Also, provide a restore option in case the user needs to revert to a previous state.
8. **User Interface Enhancements**: Add additional features to the UI such as visual indicators for different modes of communication, color-coding based on the time of day, etc., to make the interface more engaging.
9. **Documentation**: Write clear documentation explaining how to use the 'HamTrack' application, including screenshots and examples of how to perform common tasks.
10. **Testing**: Conduct thorough testing of the application to ensure all features work as expected and that there are no bugs or usability issues.

By following these steps and incorporating the 'DragonLog' package, your 'HamTrack' application will become a valuable tool for amateur radio enthusiasts looking to keep track of their communications efficiently.