AI Analysis
Final verdict: SUSPICIOUS
The package shows moderate risk due to shell execution and obfuscation techniques, indicating potential vulnerabilities that could be exploited.
- High obfuscation risk due to eval usage
- Moderate shell risk from 'shell=True' usage
Per-check LLM notes
- Network: No network calls detected, which is low risk.
- Shell: Shell execution with 'shell=True' can be risky if not properly sanitized, potentially allowing for command injection attacks.
- Obfuscation: The use of eval with dictionary inputs suggests potential for code injection, indicative of obfuscation or evasion techniques.
- Credentials: No direct evidence of credential harvesting is present, but caution should be exercised as the context of eval usage can pose risks.
- Metadata: Low risk but needs attention due to new maintainer and lack of classifiers.
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
score 8.0
Found 4 obfuscation pattern(s)
- all deps are available - eval(values) evaluates using dict input Design: - SymPy
- sing) == 0), missing def eval(self, values: Mapping[str, Any]) -> Any: args = []
- all deps are available - eval(values) evaluates using dict input and returns bool Des
- sing) == 0), missing def eval(self, values: Mapping[str, Any]) -> bool: args = []
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
mmand["cwd"], shell=True, log_dir=None, log_policy="
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository Pengxuan-Zhu-Phys/Jarvis-HEP appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author "Jarvis-HEP Developers" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Jarvis-HEP
Create a mini-application named 'HiggsBosonScanner' that leverages the Jarvis-HEP library to perform likelihood-driven scanning of parameters related to Higgs boson production and decay. This application should allow users to input specific parameter ranges and configurations for Higgs boson processes, and then use Jarvis-HEP to analyze these parameters based on predefined statistical models. The goal is to identify the most likely values for the parameters given experimental data, helping physicists understand the behavior of the Higgs boson more accurately.
Key Features:
1. User Interface: Develop a simple yet intuitive GUI where users can specify the range of parameters they want to scan over, including masses, coupling strengths, etc., as well as any additional constraints or assumptions about the physics scenario.
2. Data Input: Allow users to upload their own experimental datasets or select from a set of pre-defined datasets included with the application.
3. Parameter Scanning: Use Jarvis-HEP's likelihood functions to scan over the specified parameter space. The application should be able to handle multi-dimensional scans efficiently.
4. Visualization: Implement plotting capabilities to visualize the scanned parameter space, highlighting regions of high likelihood. Users should be able to see contour plots, heat maps, and other relevant visualizations.
5. Statistical Analysis: Provide basic statistical analysis tools within the application to help interpret the results of the scans. This could include calculating confidence intervals, performing hypothesis tests, etc.
6. Documentation and Help: Include comprehensive documentation and a help section within the application to guide users through setting up scans and interpreting results.
How to Utilize Jarvis-HEP:
- Import the necessary modules from Jarvis-HEP at the beginning of your Python script.
- Define the likelihood function according to the theoretical model you wish to test against experimental data.
- Use Jarvis-HEP's scanning methods to evaluate the likelihood across the desired parameter space.
- Analyze the output data using the statistical and visualization tools provided by Jarvis-HEP or integrated into your application.