AI Analysis
Final verdict: SUSPICIOUS
The package has a moderate risk score due to its execution of system commands and interaction with external networks, although no direct evidence of malicious intent was found.
- High shell risk due to execution of system commands
- Incomplete metadata and low maintainer engagement
Per-check LLM notes
- Network: The network calls appear to be fetching JSON data from URLs and GitHub, which could be part of the package's functionality but should be verified.
- Shell: Executing system commands and running other executables via subprocess suggests potential risks such as unexpected behavior or privilege escalation, especially if not clearly documented.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of low maintainer engagement and incomplete metadata, which may indicate a lower quality or potentially abandoned project.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
json" response = requests.get(url, timeout=5) response.raise_for_status()} response = requests.get(GITHUB_JSON_URL, headers=headers, timeout=5, verify=False)R_NAME}/json" response = requests.get(url, timeout=5) response.raise_for_status() latest
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 10.0
Found 5 shell execution pattern(s)
platform == 'win32': os.system(f'mode con: cols={cols} lines={rows}') ke): try: subprocess.run([executable]) except KeyboardInterrupt:pluginPath): subprocess.run([sys.executable, self.pluginPath]) else:loading.start() subprocess.run([sys.executable, '-m', 'pip', 'install', packageName, '--quiпроцессе (скрытое окно) subprocess.Popen(f'start /min "" "{updater_bat}"', shell=True) # Немед
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with FunHub-app-launcher
Create a command-line utility called 'AppMaster' that leverages the 'FunHub-app-launcher' package to manage and launch various CLI applications from a single interface. Your goal is to develop a user-friendly tool that simplifies the process of accessing multiple CLI tools, making it easier for users to run different applications without needing to manually navigate through their system's directory structure. Here are the steps and features you should include in your project: 1. **Project Setup**: Initialize a new Python project and install the 'FunHub-app-launcher' package as a dependency. 2. **Configuration File**: Design a configuration file (e.g., `config.json`) where users can define aliases for their CLI applications along with the full path to each application. This file will be read by 'AppMaster' to understand which applications are available and how they should be launched. 3. **Command Line Interface**: Develop a simple yet powerful CLI interface for 'AppMaster'. Users should be able to view a list of all available applications, launch any application by its alias, and exit the program gracefully. 4. **Integration with FunHub-app-launcher**: Utilize the core functionalities of the 'FunHub-app-launcher' package to handle the launching of applications based on user input. Ensure that the package is invoked correctly to start the desired application in the background or foreground as per user preference. 5. **User Preferences**: Allow users to customize their experience by setting preferences such as default application to launch, terminal emulator to use, and whether the application should open in a new terminal window or the current one. 6. **Error Handling and Feedback**: Implement robust error handling to deal with situations like invalid input or non-existent applications. Provide clear feedback messages to guide users effectively. 7. **Documentation**: Write comprehensive documentation that explains how to set up 'AppMaster', configure it, and use its features effectively. Include examples and best practices. 8. **Testing**: Ensure that 'AppMaster' works as expected by writing tests for critical functions, including those related to reading configurations, launching applications, and handling errors. By following these steps, you'll create a versatile and efficient tool that enhances the usability of CLI applications for developers and power users alike.