Package Metadata

Author: Christopher Añorve
Email: [email protected]
PyPI: GALFITools
Python: >=3.9
Versions: 13 releases
First release: 14 Aug 2023, 22:34 UTC
Analysed: 05 Jun 2026, 13:56 UTC
Source files: 62 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaDevelopment Status :: 5 - Production/StableFramework :: PytestIntended Audience :: Science/ResearchLicense :: OSI Approved :: MIT LicenseNatural Language :: EnglishNatural Language :: SpanishProgramming Language :: PythonProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal risks with no signs of malicious activities. The high shell risk is due to the use of subprocess.run with shell=True but lacks evidence of improper handling leading to actual vulnerabilities.

High shell risk due to subprocess.run with shell=True
Low risk of obfuscation and credentials harvesting

Per-check LLM notes

Network: The network calls are likely for retrying connections which is common in robust software design.
Shell: The use of subprocess.run and shell=True indicates potential execution of external commands which could be risky if not properly sanitized or controlled.
Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
Credentials: No secret harvesting patterns detected, indicating low risk of credential theft.
Metadata: The maintainer has only one package, suggesting a new or less active account which may warrant further investigation.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

atus errors.""" session = requests.Session() retry = Retry( total=3, connect=3,

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

try: completed = subprocess.run( [galfit_bin, "-imax", str(imax), filename],
subprocess execution without shell=True - Ignores empty lines and comment lines starting with '#' -
l = sp.run( [rungal], shell=True, stdout=sp.PIPE, stderr=sp.PIPE, universal_newlines=True
[runcmd], shell=True, stdout=sp.PIPE, stderr=sp.PIPE,
[runcmd], shell=True, stdout=sp.PIPE, stderr=sp.

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository canorve/GALFITools appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Christopher Añorve" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with GALFITools

Build a simple Python application using the GALFITools package to demonstrate its core features.