MainShortcuts2

v2.8.2 suspicious
7.0
High Risk

Shortening and improving functions + console utilities

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits multiple red flags including high shell and credential risks, as well as potential obfuscation techniques, which could indicate malicious intent or supply-chain compromise.

  • High shell execution risk
  • Potential credential harvesting
  • Possible code obfuscation

Per-check LLM notes

  • Network: The network patterns detected involve HTTP requests which could be benign depending on the package's functionality, but warrant further investigation.
  • Shell: Executing shell commands directly using os.system and subprocess.call can pose significant risks including potential unauthorized system access or command execution, suggesting high risk.
  • Obfuscation: The presence of base64 and zlib/bz2 decompression suggests potential obfuscation, which may hide malicious code or sensitive information.
  • Credentials: Code that accesses environment variables for tokens and manipulates system files such as the hosts file indicates a high risk of credential harvesting or system manipulation.

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • self.req_kw["session"] = requests.Session() def _run_handlers(self, event: int, data: dict): if
  • is None: self._http = requests.Session() return self._http def _request(self, http_method
  • ion is None: session = requests.Session() kw["method"] = method kw["url"] = url resp
  • ion is None: session = aiohttp.ClientSession() kw["method"] = method kw["url"] = url resp

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • bj[0] == "base64": return base64.b64decode(obj[1].encode("utf-8")) @reg_decoder(dict) def _(obj): r
  • str]): return cls({k: base64.b64decode(v) for k, v in data.items()}) FileHasherV2 = dict[str, Fi
  • 1: import zlib return zlib.decompress(data) if compress_type == 2: import bz2 return bz2

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ar(): """Windows""" os.system("clear") if sys.platform == "linux": def _clear():
  • lear(): """Linux""" os.system("cls") def clear(): """Clear the terminal (only Win
  • f args.nano_help: return subprocess.call(["nano", "--help"]) write_kw = {} write_kw["encoding"]
  • rint(err, file=sys.stderr) subprocess.call(nano_args) write_kw["ensure_ascii"] = args.no_escape w
  • import subprocess with subprocess.Popen(["nginx", "-t"], stderr=subprocess.PIPE) as p: code = p
  • sys.exit(code) sys.exit(subprocess.call(["nginx", "-s", "reload"])) def nginx_restart(): ms.

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • o_token: kw["token"] = os.environ.get("GITHUB_TOKEN") else: kw["token"] = os.environ["GITHUB_TOKEN"
  • lf): return ms.path.Path("/etc/hosts") def hibernate(self): self._run("systemctl", "hiber
  • lf.win_dir / "System32/drivers/etc/hosts") def hibernate(self): self._run("shutdown", "/h")

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository MainPlay-TG/MainShortcuts2.py appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "MainPlay TG" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with MainShortcuts2

Your task is to develop a command-line utility called 'ShortcutMaster' using the Python package 'MainShortcuts2'. This utility will streamline common tasks and provide quick access to frequently used functions. Here are the key requirements and features for your application:

1. **User Interface**: Design a simple, intuitive command-line interface that allows users to input commands and receive feedback.
2. **Task Automation**: Implement several predefined shortcuts that automate repetitive tasks such as file management, system checks, and network operations.
3. **Custom Shortcuts**: Allow users to create their own shortcuts for custom commands or scripts they frequently use.
4. **Help Documentation**: Include a help feature that provides descriptions of all available shortcuts and how to use them.
5. **Logging Mechanism**: Integrate logging to keep track of when each shortcut was executed and any relevant output or errors.
6. **Security Measures**: Ensure that only authorized commands are allowed to execute for security reasons.

To achieve these features, you will heavily rely on 'MainShortcuts2', which offers enhanced functionality and utilities specifically designed for command-line applications. Use its capabilities to handle console inputs, manage tasks efficiently, and provide robust error handling. Your goal is to create a user-friendly, efficient tool that significantly reduces the time spent on routine tasks.